With, the, rise, of, Web, malware, exploitation, kits, continuing, to, proliferate, cybercriminals, are, poised, to, continue, earning, fraudulent, revenue, in, the, process, of, monetizing, access, to, malware-infected, hosts, largely, relying, on, the, active,y utilization, of, client-side, exploits, further, spreaing, malicious, software, potentially, compromising, the, confidentiality, availability, and, integrity, of, the, targeted, host, to, a, multi-tude, of, malicious, software.
What, used, to, be, an, ecosystem, dominated, by, proprietary, DIY (do-it-yourself) malware and exploits, generating, tools, is, today's, modern, cybercrime, ecosystem, dominated, by, Web, malware, exploitation, kits, successfully, empowering, novice, cybercriminals, with, the, necessary, tactics, techniques, and, procedures, for, the, purpose, of, launching, a, fraudulent, and, malicious, campaign, potentially, affecting, hundreds, of, thousands, of, users, globally.
In, this, post, we'll, provide, actionable, intelligence, on, currently, active, IcePack, Web, malware, exploitation, kit, client-side, and, malware-exploits, serving, domains.
Related IcePack Web Malware Exploitation Kit domains:
hxxp://seateremok.com/xc/index.php
hxxp://lskdfjlerjvm.com/ice-pack/index.php
hxxp://formidleren.dk/domain/mere.asp
hxxp://webs-money.info/ice-pack/index.php
hxxp://seateremok.com/xc/index.php
hxxp://greeetthh.com/ice-pack1/index.php
hxxp://58.65.235.153/~pozitive/ice/index.php
hxxp://iframe911.com/troy/us/sp/ice/index.php
hxxp://themusicmp3.info/rmpanfr/index.php
Related, malicious, MD5s, known, to, have, phoned, back, to, the, same, malicious, C&C, server, IPs (lskdfjlerjvm.com):
MD5: 4c0958f2f9f5ff2e5ac47e92d4006452
MD5: d955372c7ef939502c43a71ff1a9f76e
MD5: 118e24ea884d375dc9f63c986a15e5df
MD5: e825a7e975a9817441da9ba1054a3e6f
MD5: 71460d4a1c7c18ec672fed56d764ebe6
Once, executed, a, sample, malware (MD5: d955372c7ef939502c43a71ff1a9f76e), phones, back, to, the, following, malicious, C&C, server, IPs:
hxxp://riddenstorm.net - 208.100.26.234
hxxp://lordofthepings.ru - 109.70.26.37
hxxp://tableshown.net - 208.100.26.234
hxxp://leadshown.net
hxxp://tablefood.ru
hxxp://tablefood.net - 180.210.34.47
hxxp://leadfood.net
hxxp://tablemeet.net
hxxp://leadmeet.net
hxxp://pointneck.net
hxxp://pointshown.net
hxxp://callshown.net - 212.61.180.100
hxxp://callneck.ru
hxxp://callneck.net
hxxp://ringshown.ru
hxxp://ringshown.net
hxxp://noneshown.net
We'll, continue, monitoring, the, campaigns, and, post, updates, as, soon, as, new, developments, take, place.
Monday, May 29, 2017
Historical OSINT - A Portfolio of Exploits Serving Domains
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com