■■■■■ DarkWidow : a Dropper/Post Exploitation Tool targeting Windows (Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing).
https://github.com/reveng007/DarkWidow
https://t.me/cKure/13588