I published the following diary on isc.sans.edu: “Tracking A Malware Campaign Through VT”:
During the weekend, I found several samples from the same VBA macro. The only difference between all the samples was the URL to fetch a malicious PE file. I have a specific YARA rule to search for embedded PowerShell strings and my rule fired several times with the same pattern and similar size. Here is the pattern…