While hunting, I spent some time trying to deobfuscate a malicious file discovered on VT. It triggered my PowerShell rule. At the end, I found two files that look close together:
This article has been indexed from SANS Internet Storm Center, InfoCON: green