Security Affairs

MAY 12, 2020

Figure 8: Snippet of code – obfuscation differences between the VBS samples; December 2019 and May 2020. In order to decode the URLs, we use the snippet of code available here. Figure 10 shows image resources included inside the binary. Figure 10: Image resources inside the malware to increase the file size.

Cloud 107

Cloud Government Access Phishing 107

Security Affairs

DECEMBER 29, 2019

Figure 6: Snippet from the Politica de Protecao de Dados – ST-8 file, never used during the malware infection chain. Figure 22: Resources from the Lampion trojan malware. This can be seen as yet another anti-reversing mechanism introduced by malware authors. Only the [2] file ( FacturaNovembro-4492154-2019-10_8.vbs Figure 28: 0.zip

Passwords 97

Passwords e-Discovery IT Cleanup 97

Troy Hunt

FEBRUARY 11, 2018

Here's what the modified script looked like: De-obfuscated, that first snippet of code looks like this: And there's your problem - the file at [link] is being embedded directly into the site. Yes, it is, and I'm opening visitors to this blog up to a very similar (but ultimately different) risk. It stops attacks like the one today dead.

Libraries 98

Libraries Risk Government IT 98