Gootloader: Updated Delivery Vector!
Aaron Samala
Intro @Gootloader recently published a new article showing how he found the Gootloader TA has updated their delivery vector. Previously, Gootloader was delivered by tricking the victim into thinking the…
Threat Intelligence
7-Zip FakeApp Serving NetSupport Rat!
There’s a 7-Zip-masquerading site that is serving NetSupport Rat. I’ve been monitoring for a new 7-Zip FakeApp for a little over a week. This quick post shows how I became…
Additional TA569 Middleware Infra Observed
I’m a big fan of monitoring FakeUpdate stuff. It appears that TA569 may be increasing their infrastructure, as there was additional TA569 middleware infra observed. THE CONTENT, VIEWS, AND OPINIONS…
New Behavior for LandUpdate808 Observed
Summary Up Front The LandUpdate808 actors have multiple domains responding to the same IP – and they all respond to the same endpoint used for the first stage of the…
Using Silent Push to Detect SmartApeSG IoFAs
Summary up front: This document shows how I’ve been using Silent Push to track SmartApeSG. These are repeatable steps that an analyst or enthusiast can follow to do the same.…
Possible Early Stage Caesar Cipher Skimmer
This article explores the discovery of a potential early-stage Caesar cipher skimmer during the investigation of suspicious activities linked to a Tunisian online store. The investigation uncovers hidden JavaScript masquerading…
The LandUpdate808 Fake Update Variant
Discover the LandUpdate808 fake update variant, a new cybersecurity threat tracked by our team. This article details its unique delivery chain, payload variations, and indicators of compromise, emphasizing the importance…
Gootloader Isn’t Broken
In this post, we take a closer look at the Gootloader malware, correcting previous assertions about its dysfunction. Through the use of tools like Process Monitor and Burp Suite, we…
Why is Ghana, Cambodia, and Brazil so interested in USPS Templates?
Explore the mysterious allure of USPS templates in countries like Ghana, Cambodia, and Brazil. Discover why official government domains might host these lure articles, and the implications for global cyber…
Gootkit Search Term Research
BLUF: This document will cover research into Gootkit search term research as well as research possible verification methods. Intro: Gootkit research depends on having high quality methods to find the…