The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure
Recently, I’ve been investigating malware utilizing PowerShell and have spent a considerable amount of time refining ways to identify new variants of attacks as they appear. This posting is a follow-up to my previous work on this subject in "Pulling Back the Curtains on EncodedCommand PowerShell Attacks".
In a sample I recently analyzed, something stood out as extremely suspicious, which led me down a rabbit hole, uncovering malicious infrastructure supp...