

A total of 18 personas and approximately 70 hosted malware samples are enumerated. By examining known delivery-phase malware samples that call out to, a large set of hosted payloads has been identified. However, this technique also requires an initial delivery-phase malware file, which then downloads and decodes the Base64 payload.

This makes detection more difficult for websites that host data for download and storage.

This technique lets adversaries hide payloads because the output of the encoding process is plain text. This is a known technique used by adversaries to hide payloads on public sites 4. On November 20, 2019, Twitter user 1 reported that a malicious file 2 was being hosted on in an encoded format called Base64.
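A defender-side check for the pattern described above, as an added example that is not part of the original report: it finds Base64 blocks in hosted text, decodes them, and flags those whose decoded bytes carry a known file signature. The function names, the 20- and 64-character thresholds, and the choice of PE, ELF and ZIP signatures are assumptions; the sample input is constructed and inert.

```python
import base64
import re

# Consecutive lines made only of base64 characters: one long run or a wrapped blob.
B64_BLOCK = re.compile(r"(?:^[A-Za-z0-9+/]{20,}={0,2}[ \t]*\r?\n?)+", re.MULTILINE)
MIN_ENCODED_LEN = 64  # assumption: shorter runs are tokens or IDs, not files

def decode_block(block: str) -> bytes:
    """Decode a matched block, tolerating line wraps and a truncated tail."""
    data = "".join(block.split()).split("=", 1)[0]
    if len(data) % 4 == 1:  # a single leftover character cannot encode a byte
        data = data[:-1]
    return base64.b64decode(data + "=" * (-len(data) % 4))

def identify(raw: bytes):
    """Name the file type from well-known signatures, or return None."""
    if raw[:2] == b"MZ" and len(raw) >= 0x40:
        # The DOS header field at 0x3C (e_lfanew) must point at "PE\0\0".
        pe_offset = int.from_bytes(raw[0x3C:0x40], "little")
        if raw[pe_offset:pe_offset + 4] == b"PE\x00\x00":
            return "Windows PE executable"
    if raw[:4] == b"\x7fELF":
        return "ELF executable"
    if raw[:4] == b"PK\x03\x04":
        return "ZIP archive"
    return None

def scan_hosted_text(text: str):
    """Return (offset, file_type, decoded_size) for each suspicious block."""
    findings = []
    for match in B64_BLOCK.finditer(text):
        if len(match.group(0)) < MIN_ENCODED_LEN:
            continue
        raw = decode_block(match.group(0))
        file_type = identify(raw)
        if file_type:
            findings.append((match.start(), file_type, len(raw)))
    return findings

def constructed_sample() -> str:
    """Constructed, inert input: 256 zero bytes with only the PE magic values set."""
    stub = bytearray(256)
    stub[:2] = b"MZ"
    stub[0x3C:0x40] = (0x80).to_bytes(4, "little")
    stub[0x80:0x84] = b"PE\x00\x00"
    wrapped = base64.encodebytes(bytes(stub)).decode()
    return "notes for the team\n" + wrapped + "end of paste\n" + "QUJD" * 20 + "\n"

if __name__ == "__main__":
    for offset, file_type, size in scan_hosted_text(constructed_sample()):
        print(f"offset {offset}: {file_type}, {size} bytes decoded")
```

The scan only considers blocks that begin at the start of a line, so a blob embedded mid-line in other text is outside what this sketch covers.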
