APT

Welcome to my latest malware analysis! After exploring the Dropping Elephant APT group, I wanted to look at another threat actor active in the Middle East—the Iranian-linked group MuddyWater, specifically their UDPGangster campaign. I started by searching Malware Bazaar for APT samples. I found one tagged “UDPGangster” with hash 7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53. It was a Microsoft Word document—perfect for analyzing a phishing campaign. Let’s dig in… Part 1: Malicious Document Analysis – VBA Macros & Payload I examined the document’s structure using oledump. The output showed three key macro-enabled streams (marked with M), indicating malicious code. ...

Hello and welcome to my second article! I am very excited to write about my journey in learning malware analysis. A few days ago, I was watching Malware Incident Response Training from maltrak.com. I wanted to practice what I learned, so I decided to find a real malware sample and analyze it myself. I needed a place to find these samples, and that’s when I discovered Malpedia. This website is very useful for analysts because it has a huge collection of malware information and samples from many different hacker groups. ...