[SANS ISC] Tracking A Malware Campaign Through VT

I published the following diary on isc.sans.edu: “Tracking A Malware Campaign Through VT”:

During the weekend, I found several samples from the same VBA macro. The only difference between all the samples was the URL to fetch a malicious PE file. I have a specific YARA rule to search for embedded PowerShell strings and my rule fired several times with the same pattern and similar size. Here is the pattern… [Read more]
