Historical OSINT - FTLog Worm Spreading Across Fotolog
In, a, cybercrime, ecosystem, dominated, by, fraudulent, propositions, cybercriminals, continue, actively, populating, their, botnet's, infected, population, further, spreading, malicious, software, while, compromising, the, confidentiality, integrity, and, availability, of, the, affected, hosts, to, a, multu-tude, of, malicious, software, while, earning, fraudulent, revenue, in, the, process, of, monetizing, access, to, the, malware-infected, hosts, further, spreading, malicious, software, while, monetizing, access, to, malware-infected, hosts, largely, relying, on, a, set, of, tactics, techniques, and, procedures, successfully, monetizing, access, to, the, malware-infected, hosts, largely, relying, on, the, utilization, of, affiliate-based, type, of, monetizing, scheme.
We've, recently, intercepted, a currently, circulating, malicious, spam, campaign, targeting, the, popular, social, network, Web, site, Fotolog, successfully, enticing, socially, engineered, users, into, interacting, with, malicious, links, while, monetizing, access, to, the, malware-infected, hosts, largely, relying, on, the, utilization, of, an, affiliate-based, type, of, monetizing, scheme.
In, this, post, we'll, profile, the, campaign, provide, actionable, intelligence, on, the, infrastructure, behind, it, and, discuss, in-depth, the, tactics, techniques, and, procedures, of, the, cybercriminals, behind, it.
Sample, URL, redirection, chain:
hxxp://bit.ly/cBTsWo
- hxxp://zwap.to/001mk
- hxxp://www.cepsaltda.cl/uc/red.php?u=1 - 216.155.72.44
- hxxp://supatds.cn/go.php?sid=1 - 92.241.164.1
- hxxp://www.cepsaltda.cl/uc/rcodec.php
- hxxp://cepsaltda.cl/uc/codec/divxcodec.exe
Sample, detection, rate, for, a, sample, malicious, executable:
MD5: c6dbc58e0db3c597c4ab562ad9710a38
We'll, continue, monitoring, the, campaign, and, post, updates, as, soon, as, new, developments, take, place.
We've, recently, intercepted, a currently, circulating, malicious, spam, campaign, targeting, the, popular, social, network, Web, site, Fotolog, successfully, enticing, socially, engineered, users, into, interacting, with, malicious, links, while, monetizing, access, to, the, malware-infected, hosts, largely, relying, on, the, utilization, of, an, affiliate-based, type, of, monetizing, scheme.
In, this, post, we'll, profile, the, campaign, provide, actionable, intelligence, on, the, infrastructure, behind, it, and, discuss, in-depth, the, tactics, techniques, and, procedures, of, the, cybercriminals, behind, it.
Sample, URL, redirection, chain:
hxxp://bit.ly/cBTsWo
- hxxp://zwap.to/001mk
- hxxp://www.cepsaltda.cl/uc/red.php?u=1 - 216.155.72.44
- hxxp://supatds.cn/go.php?sid=1 - 92.241.164.1
- hxxp://www.cepsaltda.cl/uc/rcodec.php
- hxxp://cepsaltda.cl/uc/codec/divxcodec.exe
Sample, detection, rate, for, a, sample, malicious, executable:
MD5: c6dbc58e0db3c597c4ab562ad9710a38
We'll, continue, monitoring, the, campaign, and, post, updates, as, soon, as, new, developments, take, place.
About Dancho Danchev
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
