First Lumma Stealer IOC!
Pretty stoked! I’ve been trying to see if I could find an unreported Lumma C2 domain since about August. At some point in August, I noticed ET Labs (https://x.com/ET_Labs) had…
Da Samala Tech blogs on malware and stuffs
Pretty stoked! I’ve been trying to see if I could find an unreported Lumma C2 domain since about August. At some point in August, I noticed ET Labs (https://x.com/ET_Labs) had…
I’m a big fan of monitoring FakeUpdate stuff. It appears that TA569 may be increasing their infrastructure, as there was additional TA569 middleware infra observed. THE CONTENT, VIEWS, AND OPINIONS…
Summary Up Front The LandUpdate808 actors have multiple domains responding to the same IP – and they all respond to the same endpoint used for the first stage of the…
Short and simple This discusses how I plan to use DNS.Coffee to drive research. You can find suspicious domains, and then pivot on that to find more suspicious domains. Before…
Short and simple This discusses how I found some AAFES (Army Air Force Exchange Service) themed phishing sites. Before continuing THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE…
Summary up front: This document shows how I’ve been using Silent Push to track SmartApeSG. These are repeatable steps that an analyst or enthusiast can follow to do the same.…
This article documents repeatable steps for analysts and enthusiast researchers to search for and identify phishing sites masquerading as banking sites, specifically focusing on Navy Federal Credit Union. It builds…
This article documents the investigation into websites masquerading as USAA. It details the methodology used to identify suspicious domains, pivoting off key indicators like CSS and font hashes, and highlights…
This article explores the discovery of a potential early-stage Caesar cipher skimmer during the investigation of suspicious activities linked to a Tunisian online store. The investigation uncovers hidden JavaScript masquerading…
Discover the LandUpdate808 fake update variant, a new cybersecurity threat tracked by our team. This article details its unique delivery chain, payload variations, and indicators of compromise, emphasizing the importance…