Gootloader: Updated Delivery Vector!
Intro @Gootloader recently published a new article showing how he found the Gootloader TA has updated their delivery vector. Previously, Gootloader was delivered by tricking the victim into thinking the…
Da Samala Tech blogs on malware and stuffs
There’s a 7-Zip-masquerading site that is serving NetSupport RAT. I’ve been monitoring for a new 7-Zip FakeApp for a little over a week. This quick post shows how I became…
Pretty stoked! I’ve been trying to see if I could find an unreported Lumma C2 domain since about August. At some point in August, I noticed ET Labs (https://x.com/ET_Labs) had…
I’m a big fan of monitoring FakeUpdate stuff. It appears that TA569 may be increasing their infrastructure, as there was additional TA569 middleware infra observed. THE CONTENT, VIEWS, AND OPINIONS…
Summary Up Front The LandUpdate808 actors have multiple domains responding to the same IP – and they all respond to the same endpoint used for the first stage of the…
Short and simple This discusses how I plan to use DNS.Coffee to drive research. You can find suspicious domains, and then pivot on that to find more suspicious domains. Before…
Short and simple This discusses how I found some AAFES (Army Air Force Exchange Service) themed phishing sites. Before continuing THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE…
Summary up front: This document shows how I’ve been using Silent Push to track SmartApeSG. These are repeatable steps that an analyst or enthusiast can follow to do the same.…
This article documents repeatable steps for analysts and enthusiast researchers to search for and identify phishing sites masquerading as banking sites, specifically focusing on Navy Federal Credit Union. It builds…
This article documents the investigation into websites masquerading as USAA. It details the methodology used to identify suspicious domains, pivoting off key indicators like CSS and font hashes, and highlights…