Profiling a Typosquatted Google's Gmail Targeted Phishing Campaign Domain Portfolio - An OSINT Analysis
0 comments - November 29, 2022
hxxp://my-mail-account-gmail.com
hxxp://security-myaccount-goglemail.com
hxxp://myaccount-mail-my-gmail.com
hxxp://account-mail-my-gmail.com
hxxp://cloud-accounts-goglemail.com
hxxp://my-account-security-goglemail.com
hxxp://mail-yahoo-myaccounts.com
hxxp://mail-yahoo-myaccount.com
hxxp://account-disk-gmail.com
hxxp://my-mail-accounts-gmail.com
hxxp://accounts-mail-my-gmail.com
hxxp://mail-my-accounts-gmail.com
hxxp://myaccount-mail-goglemail.com
hxxp://accounts-oauth-gmail.com
hxxp://account-oauth-gmail.com
hxxp://account-my-mail-gmail.com
hxxp://mail-myaccounts-gmail.com
hxxp://accounts-mail-goglemail.com
hxxp://mail-myaccount-yahoo.com
hxxp://mail-my-account-gmail.com
hxxp://security-accounts-goglemail.com
hxxp://my-signin-accounts-gmail.com
hxxp://my-signin-account-gmail.com
hxxp://my-oauth-account-gmail.com
hxxp://security-myaccounts-goglemail.com
hxxp://security-my-account-goglemail.com
hxxp://my-security-goglemail.com
hxxp://myaccounts-gmail.com
hxxp://myaccounts-mail-gmail.com
hxxp://accounts-my-mail-gmail.com
hxxp://myaccounts-mail-my-gmail.com
hxxp://my-mail-account-yahoo.com
hxxp://security-my-goglemail.com
hxxp://myaccount-my-mail-gmail.com
hxxp://myaccounts-my-mail-gmail.com
hxxp://cloud-myaccount-goglemail.com
hxxp://my-mail-yahoo-accounts.com
hxxp://mail-yahoo-my-account.com
hxxp://mail-myaccount.com
hxxp://myaccounts-mail-yahoo.com
hxxp://my-mail-gmail.com
hxxp://security-my-accounts-goglemail.com
hxxp://mail-accounts-my-gmail.com
hxxp://yahoo-oauth-accounts.com
hxxp://mysecurity-goglemail.com
Sample responding IPs known to have been participating in the campaign include:
185.246.130.170
194.67.71.102
5.188.206.201
194.58.56.56
194.67.71.197
194.58.56.34
195.3.144.231
194.67.71.61
195.3.146.111
195.3.146.100
194.67.71.142
194.67.71.44
54.241.4.132
195.186.210.241
194.67.71.189
194.67.71.137
194.67.71.3
194.67.71.25
193.105.134.29
194.58.112.169
194.67.71.160
194.67.71.35
194.67.71.17
194.67.71.158
194.67.71.99
194.67.71.123
195.3.146.94
194.58.112.174
95.173.132.1
194.67.71.173
195.3.146.106
185.246.130.165
194.58.112.172
195.3.146.90
99.83.178.7
194.67.71.105
185.246.130.162
194.67.71.162
194.67.71.47
194.67.71.175
75.2.110.227
194.67.71.40
194.58.113.13
194.58.112.170
194.67.71.118
194.67.71.177
195.3.146.99
195.186.208.193
194.58.113.14
194.67.71.73
Stay tuned!
Sample Photos from My Cyber Security Talks Bulgaria Presentation - An Analysis
0 comments - November 16, 2022
I've decided to share some personal photos from my Cyber Security Talks Bulgaria presentation, which is quite an outstanding event with quite an interesting and good audience, where I had the privilege to meet and socialize with fellow researchers and experts and to make an outstanding presentation.
Sample photos include:
Sample presentation slides include:
SmokeLoader Themed Malware Serving Campaign Spotted in the Wild - An Analysis
0 comments - November 15, 2022
I've decided to share with everyone some technical details behind a currently circulating malicious software serving campaign that's dropping a SmokeLoader variant on the targeted host and is using a variety of C&C server domains for communication with the malicious attackers.
Sample screenshots include:
Sample campaign structure:
MD5: ccaf26afe7db068aa11331f6c5af14d8
hxxp://host-file-host6.com - 34.106.70.53
hxxp://host-host-file8.com
Sample related responding IPs known to have been involved in the campaign include:
hxxp://176.124.221.9
hxxp://23.48.95.144
hxxp://45.91.8.70
hxxp://185.144.28.175
hxxp://31.44.185.182
hxxp://8.209.65.68
hxxp://45.134.27.228
hxxp://2.16.165.19
hxxp://185.251.89.108
hxxp://195.186.210.241
Massive Malware Serving Campaign Abuses Portmap A Web Based Port Forwarding Solution - An Analysis
0 comments - November 15, 2022
Sample VirusTotal Graph regarding the malicious campaign: