About 8 years ago, while I was leading an engagement, we created a stager that downloaded an encoded string from Pastebin. This string decoded to the malware we were trying to deploy. Websites like Pastebin and Gist are used by developers every day and are whitelisted at most organizations, so we wanted to exploit that inherent trust to deliver our payload. After the engagement I wondered whether other attackers were doing the same thing. That was the start of my digital dumpster diving quest. Today there are several campaigns, both sophisticated and unsophisticated, that leverage text dump sites and blogging platforms to deliver their payloads.
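The defensive counterpart of that stager is a hunt over egress logs: which hosts are pulling raw text from paste sites, and does that text decode to something executable? The following is an added example written for this page, not code from the talk or the engagement. It assumes a constructed, space-separated proxy log format (timestamp, client, method, URL, status), an illustrative list of raw-text endpoints for pastebin.com and gist.githubusercontent.com, and paste bodies that you have recovered from a proxy cache or re-fetched yourself; the log lines and bodies are constructed sample data. It goes slightly beyond the Pastebin case in the text by also trying hex decoding and by handling line-wrapped base64.

```python
import base64
import binascii
import re
from typing import Dict, Iterator, List, Optional, Tuple
from urllib.parse import urlparse

# Raw-text endpoints a stager can fetch without scraping HTML.
# Assumption: illustrative list, extend it with the paste/blog sites your
# organization whitelists.
RAW_ENDPOINTS = {
    "pastebin.com": re.compile(r"^/raw/[A-Za-z0-9]+$"),
    "gist.githubusercontent.com": re.compile(r"^/[^/]+/[0-9a-f]+/raw(/|$)"),
}

# Leading bytes that mark a decoded blob as an executable or script.
PAYLOAD_MAGIC = [
    (b"MZ", "PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"#!", "script with shebang"),
]


def is_raw_paste_fetch(url: str) -> bool:
    """True if the URL points at a raw-text endpoint of a known paste site."""
    parsed = urlparse(url)
    pattern = RAW_ENDPOINTS.get(parsed.hostname or "")
    return bool(pattern and pattern.search(parsed.path))


def candidate_decodings(text: str) -> Iterator[Tuple[str, bytes]]:
    """Yield (encoding, bytes) for each encoding the paste body could carry.
    Whitespace is stripped first because pasted blobs are usually line-wrapped,
    and missing base64 padding is restored because stagers often drop it."""
    compact = re.sub(r"\s+", "", text)
    if not compact:
        return
    padded = compact + "=" * (-len(compact) % 4)
    try:
        yield "base64", base64.b64decode(padded, validate=True)
    except binascii.Error:
        pass
    try:
        yield "hex", bytes.fromhex(compact)
    except ValueError:
        pass


def classify_paste_body(text: str) -> Optional[Tuple[str, str]]:
    """Return (encoding, payload type) if the body decodes to something
    executable, else None. Hex is tried after base64 because every hex string
    is also valid base64 alphabet and would otherwise be misread."""
    for encoding, blob in candidate_decodings(text):
        for magic, label in PAYLOAD_MAGIC:
            if blob.startswith(magic):
                return encoding, label
    return None


def hunt_paste_fetches(log_text: str, bodies: Dict[str, str]) -> List[dict]:
    """Flag clients that fetched raw paste endpoints and, where the body is
    available, record what it decodes to."""
    alerts = []
    for line in log_text.splitlines():
        _ts, client, _method, url, _status = line.split()
        if not is_raw_paste_fetch(url):
            continue
        body = bodies.get(url)
        verdict = classify_paste_body(body) if body is not None else None
        alerts.append({"client": client, "url": url, "payload": verdict})
    return alerts


# Constructed proxy log (not real traffic): timestamp client method url status.
PROXY_LOG = """\
1563465600 10.0.0.15 GET https://pastebin.com/raw/AbCd1234 200
1563465601 10.0.0.15 GET https://www.python.org/downloads/ 200
1563465602 10.0.0.22 GET https://gist.githubusercontent.com/someuser/0123456789abcdef/raw/notes.txt 200
1563465603 10.0.0.31 GET https://pastebin.com/AbCd1234 200
"""

# Constructed paste bodies: a line-wrapped base64 PE stub and an ordinary note.
SAMPLE_BODIES = {
    "https://pastebin.com/raw/AbCd1234":
        base64.encodebytes(b"MZ\x90\x00" + b"\x00" * 60).decode(),
    "https://gist.githubusercontent.com/someuser/0123456789abcdef/raw/notes.txt":
        "TODO: rotate the staging keys\n",
}

if __name__ == "__main__":
    for alert in hunt_paste_fetches(PROXY_LOG, SAMPLE_BODIES):
        print(alert)
```

The non-raw pastebin.com URL on the last log line is deliberately not flagged: a stager can scrape the HTML view just as well, so in a real hunt you would widen the endpoint patterns and rely on the decoded body, not the path, as the high-confidence signal.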
Thanks Adrian K. for giving me the opportunity to present at the July 18th, 2019 #DC416 meetup. There were some amazing conversations on #threathunting, #threatintelligence and #malwareanalysis. Sharing my slides here for those who couldn't attend.