Details Started Tracking this activity when observed the encoded payload (f9ee2a922e43f7e080d14019a42d983004313499d2cb1fd3619d0d6eba417be1) that translates to the empty script similar to that in the Unit42 Blog about Aggah Campaign (https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/). Was interesting to see the Detections for this script. Observed that the Pastebin account belonged to HAGGA Began tracking the related URLs in VT and observed that […]