Posts

Showing posts from December, 2018

POWERSING - FROM LNK FILES TO JANICAB THROUGH YOUTUBE & TWITTER

INTRODUCTION

This post will discuss an ongoing campaign that has been operational since at least August 2017. The post will look into the delivery of the malware, some analysis of the payload, and some additional insights in relation to the campaign. It is by no means a full in-depth analysis of the malware and all its functionality.

LAWYER UP!!

This all started with a tweet by the AWESOME Jacob Soo (@_jsoo_), whom I recommend you go and follow if you are interested in analyzing malware and tracking different threat actors. The sample is a ZIP file titled "Dubai_Lawyers_update_2018.zip", and the archive contains two LNK files that are purporting to be PDF files. The actors in this case borrowed a couple of files from the British Embassy site and used them as decoy documents to lure victims into believing that these files are in fact legitimate. https://assets.publishing.service[.]gov.uk/government/uploads/system/uploads/attachment_data/file/754075/