Varist continues to find examples of websites compromised by Balada Injector via unpatched tagDiv WordPress plugins. The Balada Injector gang, a long-running WordPress site infection campaign, has been running since 2017…
Brief: Sometime around mid-January we came across an interesting sample lurking in our honeypot, so we decided to investigate further. The initial payload comes in a Microsoft Cabinet…
Discovery: While hunting for malware we found an interesting JavaScript sample, which appears to be benign and intended to dynamically define some object properties. But is that all there is…
The Footprint: We came across what seems to be a builder, as the filename LnkBotBuilder_v4.zip implies. We also assume that it is already on version 4, based on the string "v4".…