Doing time with the YIPPHB dropper
released on 2022-11-29 @ 08:46:17 AM
Elastic Security Labs identified 12 clusters of activity using a similar TTP of threading Base64-encoded strings with Unicode icons to load the YIPPHB dropper. YIPPHB is an unsophisticated, but effective, dropper used to deliver RAT implants. It uses Unicode icons embedded in PowerShell to delay automated analysis.
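A defender-side check for the pattern described above, as an added example that is not taken from the Elastic Security Labs write-up: it flags string literals made up only of Base64-alphabet characters interleaved with non-ASCII symbol characters. The function names, thresholds, and sample script are assumptions constructed for illustration, and the sample payload is the Base64 of a harmless string.

```python
import re
import unicodedata

B64_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")
ICON_GLUE = {"\ufe0f", "\u200d"}  # variation selector and joiner used inside emoji
# Single- or double-quoted literals on one line (simplified: no escape handling).
LITERAL_RE = re.compile(r"'([^'\r\n]{16,})'|\"([^\"\r\n]{16,})\"")


def is_icon(ch):
    """True for non-ASCII symbol characters (Unicode categories S*) and emoji glue."""
    return ch in ICON_GLUE or (ord(ch) > 0x7F and unicodedata.category(ch).startswith("S"))


def find_icon_threaded_base64(script, min_b64=24, min_icons=3):
    """Flag literals made only of Base64-alphabet characters and icons."""
    findings = []
    for m in LITERAL_RE.finditer(script):
        literal = m.group(1) or m.group(2)
        b64 = sum(ch in B64_ALPHABET for ch in literal)
        icons = [ch for ch in literal if is_icon(ch)]
        # Anything else (spaces, punctuation) means ordinary text, not this pattern.
        if b64 + len(icons) != len(literal):
            continue
        if b64 >= min_b64 and len(icons) >= min_icons:
            findings.append({
                "line": script.count("\n", 0, m.start()) + 1,
                "base64_chars": b64,
                "icons": len(icons),
                "distinct_icons": len(set(icons)),
            })
    return findings


# Constructed sample: the Base64 text decodes to the harmless string "benign test string".
SAMPLE = (
    "$a = 'YmVu\u2600aWdu\u266bIHRl\u2600c3Qg\u266bc3Ry\u2600aW5n'\n"  # icons threaded in
    "$b = 'YmVuaWduIHRlc3Qgc3RyaW5n'\n"                                # plain Base64
    "Write-Host \"Build finished \u2600 all good \u2600 done \u2600\"\n"  # prose with icons
)

if __name__ == "__main__":
    for hit in find_icon_threaded_base64(SAMPLE):
        print(hit)
```

Only the first sample line is flagged; plain Base64 and ordinary text that happens to contain icons are ignored, which keeps the check focused on the threading pattern itself.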