k3yp0d

Hi all, long time I have not written here a post, this is because I usually share my short findings on Twitter  or in-depth analysis for the company I work for. However, I often encounter some data that is uncertain and causes musings. Since no one wants to hire me as a full time threat intelligence I decided to share those musings with the community as it might help others to better understand some threats. Due to the fact this is my personal blog, I will not use a strict structure of a report. Instead I will start with a freestyle analysis of an interesting attack I have spotted targeting Armenians, after it I will write my musings as this attack might or might not be related to a known threat actor named MuddyWater. Initial vector - benign office document: I have found a minimal and benign word document written in Armenian which contains a link at the bottom: If we click on the link, a browser window will open the URL which displays a captcha message in Armenian: If we click on the