Gootloader: Updated Delivery Vector!
Intro @Gootloader recently published a new article showing how he found the Gootloader TA has updated their delivery vector. Previously, Gootloader was delivered by tricking the victim into thinking the…
Da Samala Tech blogs on malware and stuffs
Intro @Gootloader recently published a new article showing how he found the Gootloader TA has updated their delivery vector. Previously, Gootloader was delivered by tricking the victim into thinking the…
There’s a 7-Zip-masquerading site that is serving NetSupport Rat. I’ve been monitoring for a new 7-Zip FakeApp for a little over a week. This quick post shows how I became…
I’m a big fan of monitoring FakeUpdate stuff. It appears that TA569 may be increasing their infrastructure, as there was additional TA569 middleware infra observed. THE CONTENT, VIEWS, AND OPINIONS…
Summary Up Front The LandUpdate808 actors have multiple domains responding to the same IP – and they all respond to the same endpoint used for the first stage of the…
Short and simple This discusses how I plan to use DNS.Coffee to drive research. You can find suspicious domains, and then pivot on that to find more suspicious domains. Before…
Short and simple This discusses how I found some AAFES (Army Air Force Exchange Service) themed phishing sites. Before continuing THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE…
Summary up front: This document shows how I’ve been using Silent Push to track SmartApeSG. These are repeatable steps that an analyst or enthusiast can follow to do the same.…