Feb 16, 2022 Traffic

Pain to Pleasure: Understanding What Gets You Paid

The Only Two Motivators That Matter
Human psychology is complex. I won't sit here and pretend that it isn't, or that I've somehow unlocked all of the secrets of the human mind. Far from it. However, there is one very…

Feb 07, 2022 Traffic

[2018-08-26] PseudoGate->RigEK->SmokeLoader->DarkVNC

Overview
Saz file is 2018-08-26_21-30-41.saz (↓Analysis result using EKFiddle)

Malware
SmokeLoader c4e6c840a1158c3fe2b42203d7efa8a68928fb4bd3756083434c0ed0a903e152 [Hybrid-Analysis] [VirusTotal]
DarkVNC c46caecc4f10f01cf644d1b4cba240da6c3e88384b4bac7c9f52740e1fee3bb5 [Hybrid-Analysis] [VirusTotal]

Traffic-Chain
http[:]//balmyfurniture.com
↓ [RIG Exploit Kit][Landing Page]
http[:]//176.57.220.229/?NTMzNzcz&FgbUwGlOKrLRs&JCweTka=Zmx5&ZFwfsYl=Y2F0cw==&iNVNWajLD=c2hha2U=&mfOxoFPPus=bWF0Y2h1cA==&refWgbkKt=Zmx5&CtliQrBO=Zmx5&txs4=dKbFTOAbi20PTKAZmmIdaVlwSoaut20aEmhLP05eD_hOPMw5G_pLEErIL6G2xzPNRcw&fdx4f=wnrQMvXcKRXQFYbEKuXDSKFDKU7WGUaVw4-ahMG3Yp3Nfynz1ezURnL3tASVVF6RrbM&fbqcbzOEbVo=Zmx5&kEFjfvPDt=c2Vh&sxCsaYEfN=c3BvcnQ=&sRjMjpopq=Zmx5&apuqNWJ=bW9uZXk=
↓ [RIG Exploit Kit][SWF Payload]
http[:]//176.57.220.229/?NTE2NTM5&xNoUwQ&RrQQREflWaXmxJ=Zmx5&ousVMpxMqWJYf=c3BvcnQ=&TqZwDFFjJa=bW9uZXk=&RVsZDOT=c2My&MEaWAVrUlGH=Zmx5&qytWHdWXHJCHF=c3BvcnQ=&WXNDFzIxvbw=c2My&txs4=ijkCFLQZnz91ZVV4a866oj0KDy0Ofh8bR_kbeYQlE-ZCRRrU63F2kybIkdMIkxReA6lETi-lLYg&qUDGsXCZazWIiz=c2Vh&fdx4f=xXrQMvWYbRXQDp3EKv_cT6NGMVHRGUCL2Y2dmrHVefjaeFWkzrDFTF_wozKATgSG6_dtdfJTDQD&sBzAPtkUY=c2Vh&UKfFkLUp=cmVzb3J0&CRLzFoffXCAYY=c2hha2U=
↓ [RIG Exploit Kit][Malware Payload]
http[:]//176.57.220.229/?NjAzODU=&KlbsxNqAyiJIzjg&jRhRVO=c2Vh&wblxbKqQYTgzyq=c2Vh&BnlzQbYEpnZ=Y2F0cw==&fdx4f=wn3QMvXcKRXQFYbDKuXDSKZDKU7WHkaVw4-ahMG3YprNfynz1ezURnL3tASVVF6RrbMdKbFTO&UMpaNiPkk=c3BvcnQ=&JvqubXOCBfKblR=cmVzb3J0&lLYcKSjkqzxt=Zmx5&eHeGHwgnWfb=c2My&txs4=Abl20PTKAFmmIdaUVwSoauq20aEmhLP05eD_hOPMw5G_pLEErIL0VT8zLgdecIkzibfqWVT_A&izhvKHmMFQcS=c2My&GAZOWKviwa=c2My&SPoDpAEkOD=cmVzb3J0&KzlbUnYIPAOABZ=c2Vh

* This…

Feb 07, 2022 Traffic

[2018-09-03] FalloutEK->SmokeLoader

Overview
Saz file is 2018-09-03_14-09-16.saz (↓Analysis result using EKFiddle)

Malware
SmokeLoader 5b5a961e9f5bc9e8adc9562caa8c6e99be456fa211d9df7df996b2a18e896d74 [Hybrid-Analysis] [VirusTotal]

Traffic-Chain
http[:]//huli.cf/v3
↓ [Fallout Exploit Kit][Landing Page]
http[:]//naosecgomosec.gq/1981_02_26/6973.htm
↓ [Fallout Exploit Kit][Malware Payload]
http[:]//naosecgomosec.gq/Furies/10-01-1973.jspx

* This article was originally published here

Feb 07, 2022 Traffic

[2018-09-10] PseudoGate->GrandSoft->AZORult

Overview
Saz file is 2018-09-10_13-54-15.saz (↓Analysis result using EKFiddle)

Malware
AZORult f9de3c166478dbc314e9c72052fe7ca714fb108d5abe9d39888126e73fc342bf [Hybrid-Analysis] [VirusTotal]

Traffic-Chain
http[:]//www.afbchope.com
↓ [GrandSoft Exploit Kit][Checker]
http[:]//wart.fadsznelectoratefola.xyz/indonesia-fess_loosens.htm
↓ [GrandSoft Exploit Kit][CVE-2018-8174]
http[:]//wart.fadsznelectoratefola.xyz/getversoinpd/1/2/3/4
↓ [GrandSoft Exploit Kit][Malware Payload]
http[:]//wart.fadsznelectoratefola.xyz/9/121796

* This article was originally published here

Feb 07, 2022 Traffic

[2018-09-12] FalloutEK->GandCrab

Overview
Saz file is 2018-09-12_14-48-50.saz (↓Analysis result using EKFiddle)

Malware
GandCrab 6a426cddd1e51fd4760b236919c89fb6621448de2edad195ddb39946d15e643e [Hybrid-Analysis] [VirusTotal]

Traffic-Chain
http[:]//51.15.98.59/62SPJm?cost={cost}&uclick=377sqd
↓ [Fallout Exploit Kit][Landing Page]
http[:]//flowertowerback.space/7482-13476-Battement/iACi/11939.dhtml?Heartbird=viaducts_myoporum_oursel&Ep0EUP=KGFZ&NRpX=Octads_gunman_analogal_14889_tellurist_3946
↓ [Fallout Exploit Kit][Malware Payload]
http[:]//flowertowerback.space/zlUv7/vFoirNM/Unfortune/1968_06_23.jsp

* This article was originally published here

Feb 07, 2022 Traffic

[2018-09-21] PseudoGate->GrandSoft->Ramnit

Overview
Saz file is 2018-09-21_22-45-58.saz (↓Analysis result using EKFiddle)

Malware
Ramnit 40902f435d220655b9dfc5738dd8d9e2ebbbb12b9e54ce32ddd29d2b144aca76 [Hybrid-Analysis] [VirusTotal]

Traffic-Chain
https[:]//dollpremium.com/adcash.php?ban=22469542&clickid=15375376992116109753214767155394472&campaign=123212220
↓ [GrandSoft Exploit Kit][Checker]
http[:]//piercing.apartvd.xyz/veiledcahootschump.htm
↓ [GrandSoft Exploit Kit][CVE-2018-8174]
http[:]//piercing.apartvd.xyz/getversoinpd/1/2/3/4
↓ [GrandSoft Exploit Kit][Malware Payload]
http[:]//piercing.apartvd.xyz/9/132546

* This article was originally published here

Feb 07, 2022 Traffic

[2018-09-25] FalloutEK->SAVEfiles Ransomware

Overview
Saz file is 2018-09-25_14-47-25.saz (↓Analysis result using EKFiddle)

Malware
SAVEfiles Ransomware 446f4aff5e8617a75939deeddfec9c0cd2434f3a06f63ae037594b93c0f6ee61 [Hybrid-Analysis] [VirusTotal]

Traffic-Chain
http[:]//fincont.trade/tv?source=1933927-3854662911-0
↓ [Fallout Exploit Kit][Landing Page]
http[:]//privategame.fun/8643/Droppy-4471/AYBv6hS/bighted.html
↓ [Fallout Exploit Kit][Malware Payload]
http[:]//privategame.fun/xftAJ7T9O9/bashmuric/benzoyls.phtml

* This article was originally published here

Feb 07, 2022 Traffic

[2018-09-29] PseudoGate->GrandSoft->Ramnit->AZORult

Overview
Saz file is 2018-09-29_20-26-55.saz (↓Analysis result using EKFiddle)

Malware
Ramnit ad45cfb13369d393156e9571f239ab9c58c43239067bbc74152d747d32bf3b0d [Hybrid-Analysis] [VirusTotal]
AZORult 8b42b0cdf3507dfd4ccd3004f883a00759dd8dd29ed7785817990e5dba7be7df [Hybrid-Analysis] [VirusTotal]

Traffic-Chain
http[:]//lecheriasantos.com
↓ [GrandSoft Exploit Kit][Landing Page]
http[:]//fsz.vegetable.apartvd.xyz/michigan.php
↓ [GrandSoft Exploit Kit][CVE-2018-8174]
http[:]//fsz.vegetable.apartvd.xyz/getversoinpd/1/2/3/4
↓ [GrandSoft Exploit Kit][Malware Payload]
http[:]//fsz.vegetable.apartvd.xyz/9/128046

* This article…

Feb 06, 2022 Traffic

[2018-09-30] FalloutEK->GandCrab

Overview
Saz file is 2018-09-30_22-59-41.saz (↓Analysis result using EKFiddle)

Malware
GandCrab 0a3c367793c08a1002ba036e11b95839f9ef630b2763bb0e6d513fb9ea95a400 [Hybrid-Analysis] [VirusTotal]

Traffic-Chain
http[:]//51.15.98.59/QZNzQNbT?keyword=0.000386&cost=0.000386&external_id=70265551871569920&creative_id=2051533&ad_campaign_id=1343893&source=1774896&cost=0.000386
↓ [Fallout Exploit Kit][Landing Page]
http[:]//greatwallinc.club/Theftbote_flowmeter_6406/convexed_postfaces_paddocks/aversive_emanated_hickified/i949cC.shtml
↓ [Fallout Exploit Kit][Malware Payload]
http[:]//greatwallinc.club/1965_08_08/6302/basswood-Relievo-4736?Impedance=hz9UF&gyFhPaUUIc=8953&cothish=8064&EgLeL=glyceral_mallotus

* This article was originally published here

Feb 06, 2022 Traffic

[2018-10-03] PseudoGate->GrandSoft->Ramnit->AZORult

Overview
Saz file is 2018-10-03_20-27-11.saz (↓Analysis result using EKFiddle)

Malware
Ramnit 7580fd88c504adf06797a4375d7e06917d7d83ea0395d893ee3a0aac2fc4f59c [Hybrid-Analysis] [VirusTotal]
AZORult 9e87dde215ff38118b8b4749a79166c2fa0aa6061c011489d932d2157e01f69c [Hybrid-Analysis] [VirusTotal]

Traffic-Chain
https[:]//traidings.today/activerevenue.php
↓ [GrandSoft Exploit Kit][Landing Page]
http[:]//constitutionality-teen.apartvd.xyz/bent_aspects
↓ [GrandSoft Exploit Kit][CVE-2018-8174]
http[:]//constitutionality-teen.apartvd.xyz/getversoinpd/1/2/3/4
↓ [GrandSoft Exploit Kit][Malware Payload]
http[:]//constitutionality-teen.apartvd.xyz/9/131968

* This article…