Monday, July 30, 2018

Historical OSINT - Newly Launched Koobface Themed Campaign Spotted in the Wild


Related malicious URLs known to have participated in the campaign:
hxxp://qjcleaner.eu/hitin.php?affid=02979

Once executed, a sample of the malware phones back to a well-known command and control server IP:
hxxp://212.117.160.18 GET /install.php?id=02979

Parked at the same IP, where crusade affiliates are, were more scareware domains. Meanwhile, the Koobface gang is currently busy typosquatting my name when registering domains (Rancho Ranchev; Pancho Panchev); for instance, hxxp://mayernews.com - Email: 1andruh.a1@gmail.com - is registered using Danchev Danch.

Saturday, July 28, 2018

Historical OSINT - Summarizing 2 Years of Webroot's Threat Blog Posts Research

It's been several years since I last posted a quality update at the industry's leading threat-intelligence gathering Webroot's Threat Blog, following a successful career as lead security blogger and threat-intelligence analyst throughout 2012-2014.

In this post I'll summarize two years' worth of Webroot's Threat Blog research with the idea to provide readers with the necessary data, information and knowledge to stay ahead of current and emerging threats.

01. January - 2012
02. February - 2012
03. March - 2012
04. April - 2012
05. May - 2012
06. June - 2012
07. July - 2012
08. August - 2012
09. September - 2012
10. October - 2012
11. November - 2012
12. December - 2012
13. January - 2013
14. February - 2013
15. March - 2013
16. April - 2013
17. May - 2013
18. June - 2013
19. July - 2013
20. August - 2013
21. September - 2013
22. October - 2013
23. November - 2013
24. December - 2013
25. January - 2014
26. February - 2014
27. March - 2014
28. May - 2014
Enjoy!