Fake Malware TOAD via Malvertizing
Aaron Samala
TL;DR There was a campaign for a Fake Malware TOAD via Malvertizing. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN AND DO NOT REFLECT…
Thruntellisearch – Threat Hunting/Intelligence Research
PDFChampions YAPA Browser Hijacker/Loader Analysis
TL;DR PDFChampions is a YAPA Browser Hijacker, delivered via ads, that changes the browsers default search engine and also functions as a loader. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS…
Convert Master Browser Hijacker Analysis
TL;DR Convert Master is a browser hijacker, delivered via ads, that changes the browsers default search engine – and I’ve observed it using a redirector for the “Retro Revive” fake…
Teams Transcript Page Lure Delivers GoTo RMM
TL;DR This documents a Teams transcript download page lure that delivers GoTo RMM. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN AND DO NOT…
PoisonSeed YouTube-themed Career Phishing
TL;DR This documents a YouTube-themed Career Phishing campaign that I assess is likely related to PoisonSeed. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN…
Thruntellisearch Analyst’s Pivot Checklist
TL;DR This is a checklist that thruntellisearch analysts can use in their quest to uncover additional adversary infrastructure. It may help provide a structured analysis. Tactical Pause THE CONTENT, VIEWS,…
Oyster Malware Delivery via Teams Fake App
TL;DR Oyster malware delivery via MS Teams Fake App. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN AND DO NOT REFLECT THOSE OF MY…
Malformed Rhadamanthys DoH Query
TL;DR This analysis documents how the Rhadamanthys malware sends a malformed DoH query with the Host field specified twice. It fails in Any Run tasks that have the MITM Proxy…
Thractor Backlinks for SEO Poisoning to Deliver Lumma Stealer and SectopRAT
TL;DR This post documents backlinks, and how thractors use them for SEO poisoning to deliver Lumma Stealer and SectopRAT. I show how I find backlinks, and a technique to monitor…