Updated LandUpdate808 Analysis
It’s been a while since I’ve posted about LandUpdate808. There was a compromised site that is local to Hawaii that I recently noticed, and it prompted me to research the…
Da Samala Tech blogs on malware and stuffs
TL;DR Phishing email uses ClickFix to initiate multi-stage delivery (incomplete analysis at final stage). Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN AND DO…
Pretty stoked! I’ve been trying to see if I could find an unreported Lumma C2 domain since about August. At some point in August, I noticed ET Labs (https://x.com/ET_Labs) had…
Discover the LandUpdate808 fake update variant, a new cybersecurity threat tracked by our team. This article details its unique delivery chain, payload variations, and indicators of compromise, emphasizing the importance…
In this post, we take a closer look at the Gootloader malware, correcting previous assertions about its dysfunction. Through the use of tools like Process Monitor and Burp Suite, we…
Learn to automate Gootkit malware detection using urlscan.io. This guide covers the use of urlscan.io's API and Python scripting to efficiently identify and analyze malicious forum loader scripts, enhancing your…
BLUF: This document will cover research into Gootkit search terms as well as possible verification methods. Intro: Gootkit research depends on having high quality methods to find the…
I spotted a lure masquerading as an Indeed Career Guide resource (https//666025xyz/erp-terms-of-contract). See below. I found this while working on the Gootkit Crawler project – a project that will generate…
In this concise exploration, we delve into the methodology behind tracking and analyzing SocGholish malware. Aimed at both newcomers and seasoned SOC Analysts, the article guides readers through the practical…
Discover the latest strategies in cyber warfare with our investigative piece on Gootkit malware's evolving C2 infrastructure. Uncover insights into how the removal of xmlrpc.php signals a new phase in…