Unsuccessful Crypto Phishing Attempt on Me
This documents the analysis I performed on a crypto phishing domain that a phisher DM’d me. It documents how I was able to pivot on file hashes the site served,…
Da Samala Tech blogs on malware and stuffs
TL;DR: This documents specific steps you can take to find ClickFix infrastructure via RussianPanda’s workflow. Summary Up Front: This document builds on RussianPanda’s workflow to find ClickFix infrastructure. You can…
TL;DR: I saw a post on X that inspired me to search Shodan. I found an open directory associated with APT-C-35 (attribution based on file hashes that were listed in…
Intro: @Gootloader recently published a new article showing how he found the Gootloader TA has updated their delivery vector. Previously, Gootloader was delivered by tricking the victim into thinking the…
Short and simple: This discusses how I found some AAFES (Army Air Force Exchange Service) themed phishing sites. Before continuing: THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE…
This article documents repeatable steps for analysts and enthusiast researchers to search for and identify phishing sites masquerading as banking sites, specifically focusing on Navy Federal Credit Union. It builds…
Learn to automate Gootkit malware detection using urlscan.io. This guide covers the use of urlscan.io's API and Python scripting to efficiently identify and analyze malicious forum loader scripts, enhancing your…