https://hexpysya.github.io/tags/mega/Recent content in MEGA on bubka hacks stuffHugo -- gohugo.ioen-usThu, 09 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/elk-black-basta/Thu, 09 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/elk-black-basta/A finance employee opened a malicious Excel macro from a drive-by download, which executed a VBS dropper, loaded WindowsUpdaterFX.dll via regsvr32, established persistence, dropped Pancake.jpg.exe as a C2 backdoor, performed internal reconnaissance, laterally moved to a domain controller via PsExec using compromised credentials, exfiltrated client data to MEGA via rclone, deleted shadow copies, and deployed BlackBasta ransomware.