Silent Push Archives - Malasada Tech

ConvertyFile Browser Hijacker

Aaron Samala October 29, 2025 1 Comment

TL;DR ConvertyFile is a browser hijacker, delivered via ads, that changes the browser’s default search engine. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN…

Thruntellisearch - Threat Hunting/Intelligence Research

Teams Transcript Page Lure Delivers GoTo RMM

Aaron Samala October 24, 2025 No Comments

TL;DR This documents a Teams transcript download page lure that delivers GoTo RMM. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN AND DO NOT…

Phishing Thruntellisearch - Threat Hunting/Intelligence Research

PoisonSeed YouTube-themed Career Phishing

Aaron Samala October 4, 2025 No Comments

TL;DR This documents a YouTube-themed Career Phishing campaign that I assess is likely related to PoisonSeed. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN…

Thruntellisearch - Threat Hunting/Intelligence Research

Oyster Malware Delivery via Teams Fake App

Aaron Samala September 28, 2025 2 Comments

TL;DR Oyster malware delivery via MS Teams Fake App. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN AND DO NOT REFLECT THOSE OF MY…

LandUpdate808

LandUpdate808 Backend C2 Analysis

Aaron Samala August 16, 2025 No Comments

TL;DR LandUpdate808 uses a backend C2 resource that is separate from the injected links infrastructure. This backend C2 resource, or injected link provider, serves a Base64 encoded string that is…

Phishing

Unsuccessful Crypto Phishing Attempt on Me

Aaron Samala April 7, 2025 No Comments

This documents the analysis I performed on a crypto phishing domain that a phisher DM’d me. It documents how I was able to pivot on file hashes the site served,…

Threat Intelligence

Silent Push to find SmartApeSG, LandUpdate808, and TA582 Infra

Aaron Samala December 27, 2024 1 Comment

Using Silent Push to find the following infrastructure TL;DR You can use Silent Push’s query builder to monitor certain adversary infrastructure based on simple properties such as ASN, name server,…

ClickFix Threat Intelligence

ClickFix Baddys via RussianPanda’s Workflow

Aaron Samala November 26, 2024 No Comments

TL;DR This documents specific steps you can take to find ClickFix infrastructure via RussianPanda‘s workflow. Summary Up Front This document builds on RussianPanda’s workflow to find ClickFix infrastructure. You can…

Threat Intelligence

Open Directory Search Leads to Aged APT-C-35 Findings

Aaron Samala November 24, 2024 No Comments

TL;DR I saw a post on X that inspired me to search Shodan. I found an open directory associated with APT-C-35 (attribution based on file hashes that were listed in…

Gootloader Gootloader Backlinks Threat Intelligence

Gootloader: Updated Delivery Vector!

Aaron Samala November 11, 2024 No Comments

Intro @Gootloader recently published a new article showing how he found the Gootloader TA has updated their delivery vector. Previously, Gootloader was delivered by tricking the victim into thinking the…

Breaking

Silent Push

ConvertyFile Browser Hijacker

Teams Transcript Page Lure Delivers GoTo RMM

PoisonSeed YouTube-themed Career Phishing

Oyster Malware Delivery via Teams Fake App

LandUpdate808 Backend C2 Analysis

Unsuccessful Crypto Phishing Attempt on Me

Silent Push to find SmartApeSG, LandUpdate808, and TA582 Infra

ClickFix Baddys via RussianPanda’s Workflow

Open Directory Search Leads to Aged APT-C-35 Findings

Gootloader: Updated Delivery Vector!

You Missed

Fake Malware TOAD via Malvertizing

PDFChampions YAPA Browser Hijacker/Loader Analysis

ConvertyFile Browser Hijacker

Convert Master Browser Hijacker Analysis