Security Researcher, Threat Intel Analyst, Malware Analyst.
Last time on part 1 we made a deep dive into the overal campaign infrastructure operation revealing multiple indicators and targeted groups. This time Ia am going to focus on the findings related to the odd one, referering to the unique phishing page, I uncovered during the investigation...
Massive campaign targets over 27,000+ emails across across 14,000 domains from corporate and education. A threat actor by the name of "Armandabors" on github initially made a commit to github to update the massive list of emails used for one of the phihing domains.
Earlier today MITRE went public stating that a state-backed hacking group breached its systems using two Ivanti VPN zero-days back in January 2024.
Every analyst has one or two methodologies for analyzing malware and perhaps even different approaches based on the malware type being analyzed. Regardless of many ways you can analyze malware we all do static analysis and look into strings at some point.
I found an interesting PowerShell script uploaded today on Malware Bazaar uploaded at 2023-05-31 02:06 (UTC) then turns out to be a dropper...
