A Hunting Story
rep-2016-9006
Now that we have positively identified useful base64 encoded malicious strings through a Recorded Future list and search, we will save the search and alert on future references or events that match our criteria, because a hunting team’s work is never done.
Recorded Future email alert based on new “FromBase64String” references.
4. Examples of base64 encoded strings in web favicons.
Our fourth example involves favicons, because they are specifically referenced in the above nation-state attack observables.
Favicon references containing base64 encoded strings.
Recorded Future Threat Intelligence Report