LandUpdate808 Backend C2 Analysis
TL;DR LandUpdate808 uses a backend C2 resource that is separate from the injected links infrastructure. This backend C2 resource, or injected link provider, serves a Base64 encoded string that is…
Da Samala Tech blogs on malware and stuffs
It’s been a while since I’ve posted about LandUpdate808. There was a compromised site that is local to Hawaii that I recently noticed, and it prompted me to research the…
Using Silent Push to find the following infrastructure
TL;DR You can use Silent Push’s query builder to monitor certain adversary infrastructure based on simple properties such as ASN, name server,…
Discover the LandUpdate808 fake update variant, a new cybersecurity threat tracked by our team. This article details its unique delivery chain, payload variations, and indicators of compromise, emphasizing the importance…