FOLLOW ME ON X @MalasadaTech808
HOWZIIIIIIIIIIIIIIIIIIIIIIT! Here’s a quick post to share with the world that I’ve created a new X account – lol smash that follow button! I post some quickfire stuff that I…
Da Samala Tech blogs on malware and stuffs
TL;DR This post documents backlinks, and how threat actors use them for SEO poisoning to deliver Lumma Stealer and SectopRAT. I show how I find backlinks, and a technique to monitor…
TL;DR LandUpdate808 uses a backend C2 resource that is separate from the injected links infrastructure. This backend C2 resource, or injected link provider, serves a Base64 encoded string that is…
DTF is a framework that codifies infrastructure pivot techniques that could help cyber threat researchers.
Intro This is the long form of my post from here: https://x.com/MalasadaTech/status/1924982337689027063. While browsing urlscan scan tasks, I found crypto-js.min.js usage for obfuscation linked to Tycoon and Storm1747 in Any…
XWORM is observed being distributed via Copy/Paste. XWORM C2 traffic uses a pattern that can be matched. Using Discord webhooks for C2 is not new, but it’s new to me.…
This documents hunting for delivery sites that connect to api.telegramorg, finding a malicious GoTo RMM, and developing masq-monitor and Snort/Suricata detections. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON…
This documents the analysis I performed on a crypto phishing domain that a phisher DM’d me. It documents how I was able to pivot on file hashes the site served,…
TL;DR This documents my research into three methods an attacker could use, with an SVG file, in a phishing attack to direct the victim to the next stage in the…
It’s been a while since I’ve posted about LandUpdate808. There was a compromised site that is local to Hawaii that I recently noticed, and it prompted me to research the…