We recently observed a Bazarloader campaign at $dayjob, kicking off the return of maldoc campaigns after the holidays. This campaign piqued my interest after it hit on my SPLCrypt Yara rule that I wrote a while back, so I figured why not do a quick write-up and share that rule out. If there are any errors in this post, please feel free to reach out to me for corrections. I’m still learning...
BazarLoader – Back From Holiday Break
B