VirusTotal += Mandiant Permhash: Unearthing adversary infrastructure and toolkits by leveraging permissions similarity
ID: cb8d3d22-1f16-5c23-b2eb-2b28a6fa0741
STIX ID: report--cb8d3d22-1f16-5c23-b2eb-2b28a6fa0741
Feed Name: VirusTotal Blog
The report analyzes a threat group's distribution infrastructure and modus operandi, using VirusTotal commonalities to identify repeatable patterns (such as .xyz domains and archive.zip filenames), execution parents that drop malicious Chrome extensions, and first-stage artifacts including DMG files and PowerShell scripts; several distribution URLs were observed in the wild and were undetected at the time of writing.
