Updated LandUpdate808 Analysis
It’s been a while since I’ve posted about LandUpdate808. There was a compromised site that is local to Hawaii that I recently noticed, and it prompted me to research the…
Da Samala Tech blogs on malware and stuffs
TL;DR Phishing email uses ClickFix to initiate multi-stage delivery (incomplete analysis at final stage). Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN AND DO…
Using Silent Push to find the following infrastructure TL;DR You can use Silent Push’s query builder to monitor certain adversary infrastructure based on simple properties such as ASN, name server,…
TL;DR / Summary Up Front ALOHA! This shows how you can take WatchingRac’s post, create a profile of the delivery behavior, and search YouTube for slight variations to find other…
TL;DR This documents specific steps you can take to find ClickFix infrastructure via RussianPanda’s workflow. Summary Up Front This document builds on RussianPanda’s workflow to find ClickFix infrastructure. You can…
TL;DR I saw a post on X that inspired me to search Shodan. I found an open directory associated with APT-C-35 (attribution based on file hashes that were listed in…
Intro @Gootloader recently published a new article showing how he found the Gootloader TA has updated their delivery vector. Previously, Gootloader was delivered by tricking the victim into thinking the…
There’s a 7-Zip-masquerading site that is serving NetSupport RAT. I’ve been monitoring for a new 7-Zip FakeApp for a little over a week. This quick post shows how I became…
Pretty stoked! I’ve been trying to see if I could find an unreported Lumma C2 domain since about August. At some point in August, I noticed ET Labs (https://x.com/ET_Labs) had…
I’m a big fan of monitoring FakeUpdate stuff. It appears that TA569 may be increasing their infrastructure, as there was additional TA569 middleware infra observed. THE CONTENT, VIEWS, AND OPINIONS…