Saturday, August 06, 2022

Massive Supply Chain Malware Campaign Affects Thousands of Github Repositories, Drops Malware - An OSINT Analysis


I've recently spotted a currently circulating massive malware-embedding campaign affecting thousands of Github repositories, where the ultimate goal appears to be to compromise the affected hosts and steal account data for major Web properties, including various cloud-based environments.

Exposing GCHQ's URL Shortening Service - An OSINT Analysis

I've recently decided to put together a proper analysis of a well-known GCHQ URL shortening service used for monitoring purposes. The goal is to provide additional insights into its Internet-connected infrastructure and to find additional links and connections between related campaigns courtesy of GCHQ.

Sample URL known to have been involved in the campaign:

hxxp://lurl.me

Related domains known to have been involved in the campaign include:


Sample related responding IPs known to have been involved in the campaign include:


Sample screenshots include:
Rogue Twitter accounts known to have been involved in the campaign include:

I'll continue monitoring the development of this campaign and I'll post updates as soon as new developments take place.

In Retrospective - A New Malware Bot Vector Spotted in the Wild - An OSINT Analysis

I've recently come across a new malicious software release with some pretty interesting, what can best be described as advanced, form-grabbing features. I've decided to elaborate further on some of its key features, which include advanced form grabbing for a variety of applications and web services, making this release an important one in the context of introducing new and novel features within the cybercrime ecosystem.

Sample screenshots:
I'll continue monitoring the development of this malicious software release and I'll post updates as soon as new developments take place.