Adetomiwa

The FBI identified several malicious VBS scripts used by Rana (APT39). The VBS malware was embedded in Microsoft Office documents. Once opened, the Office document deobfuscated and extracted two (2) scripts (see IOCs below).

Fig 1.0: oledump showing document streams and macros

The full FBI report can be found here.

The demo for this analysis can be…


The adventures of the solitary talkative