home.aspx
 
. https://www.gdatasoftware.com/blog/2019/04/31607-paliz-powershell-downloader
blog article
PALIZ, THE POWERSHELL DOWNLOADER IN A ZIP AND BEYOND
Threat actors regularly come up with new techniques for malware downloaders to hide and execute their code with the expectation that they can fool antivirus solutions for some time. Paliz is an archive that carries malicious code in an unusual location. ZIP Archive Contents. This malware arrives via email attachment. The attached file is a ZIP archive using names like aggiornamento-documentazione-PT-0533984.zip ("update documentation"), or facture-prestation-V-384718.zip ("invoice presentation") to make users believe that it is worth to take a look into the archive's contents. The email text for the facture-prestation-V-384718.zip sample is seen below. If the user opens or extracts the ZIP archive, they will see an image file and a Windows shortcut that poses as an important business document (see picture below). File names like documentatione cliente.lnk ("customer documentation"), document financier pour client.lnk ("financial document for client"), notifice cliente.lnk ("notify customers") are used for the shortcuts. The image files are PNG or JPEG files, some of which actually look like an invoice, others show diagrams related to finances. The image files make the look and feel of the archive's contents more legitimate. READ MORE