FTCODE: taking over (a portion of) the botnet
released on 2020-01-22 @ 04:08:39 PM
A while ago we got our hands on an interesting malware sample. The sample was interesting to us for multiple reasons. On one hand it was a ransomware variant written fully in PowerShell. On the other hand, it contacted multiple domains which were not registered.