[SANS ISC] Tracking A Malware Campaign Through VT

I published the following diary on isc.sans.edu: “Tracking A Malware Campaign Through VT”:

During the weekend, I found several samples from the same VBA macro. The only difference between all the samples was the URL to fetch a malicious PE file. I have a specific YARA rule to search for embedded PowerShell strings and my rule fired several times with the same pattern and similar size. Here is the pattern…

The post [SANS ISC] Tracking A Malware Campaign Through VT appeared first on /dev/random.

Article Link: https://blog.rootshell.be/2020/08/24/sans-isc-tracking-a-malware-campaign-through-vt/