Threat actors need to constantly evolve their techniques to remain undetectable or their campaigns, once exposed, will cease operation. This briefing will take an in-depth, entertaining look at the ever evolving campaign that was thought to have been nearly eradicated. This campaign and the actors behind it have not only continued to operate behind the scenes, they have been actively testing the detection capabilities of their targets prior to launching the campaign’s next evolution. This talk will detail the steps that led us to the front and back doors of these threat actors. We will take the audience along on our journey of discovering the threat actors’ social media presence, their ever growing list of domains, their staging servers, and their mobile malware which we see constantly evolving to avoid detection. Additionally, we will analyze how the campaign has evolved and continues to evolve when compared to others campaigns. We will provide the audience with insights into the techniques needed in order to successfully track down threat actors on live targets.