UDPGangster Backdoor Analysis

Analyzing UDPGangster: A New Backdoor from Iran's MuddyWater

Welcome to my latest malware analysis! After exploring the Dropping Elephant APT group, I wanted to look at another threat actor active in the Middle East—the Iranian-linked group MuddyWater, specifically their UDPGangster campaign. I started by searching MalwareBazaar for APT samples. I found one tagged “UDPGangster” with hash 7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53. It was a Microsoft Word document—perfect for analyzing a phishing campaign. Let’s dig in…

Part 1: Malicious Document Analysis – VBA Macros & Payload

I examined the document’s structure using oledump. The output showed three key macro-enabled streams (marked with M), indicating malicious code. ...

December 17, 2025 · 6 min · 1150 words · Ayoub Nait Lamine
Dropping Elephant Attack Chain Analysis

Analyzing a New Stealth Backdoor from the Dropping Elephant Group

Hello and welcome to my second article! I am very excited to write about my journey in learning malware analysis. A few days ago, I was watching Malware Incident Response Training from maltrak.com. I wanted to practice what I learned, so I decided to find a real malware sample and analyze it myself. I needed a place to find these samples, and that’s when I discovered Malpedia. This website is very useful for analysts because it has a huge collection of malware information and samples from many different hacker groups. ...

November 29, 2025 · 14 min · 2825 words · Ayoub Nait Lamine
Volatility 3 Browser History Tool

How I Built a Better Browser History Tool for Volatility 3

How It Started

My journey began with Malware Incident Response Training from maltrak.com. I was studying the Incident Response Process and learning how professionals investigate cyber attacks. The training showed me how important memory analysis is for finding what happened during an attack. I wanted to practice these skills, so I started looking for more ways to analyze memory dumps.

Finding a Cool Technique

While searching for more learning materials, I found a CTF writeup. The author used a special tool to extract Chrome browsing history from a memory dump to find a hidden flag. ...

November 23, 2025 · 4 min · 707 words · Ayoub Nait Lamine