An in-depth forensic analysis of how a seemingly legitimate Proof-of-Concept (PoC) for CVE-2020-35489 turned out to be cleverly disguised malware. This blog post details the attack vector, payload deobfuscation, Indicators of Compromise (IoCs), and the steps taken to analyze and neutralize the threat.
Good writeup!
Definitely never good to run PoCs sight unseen; mostly not because of this kind of situation, but even just because different PoCs will have different results, and you need to know what to expect.
Also, if you see any level of obfuscation in PoC code, it’s more than likely malicious.