Takes you back doesn't it? What used to be a daily reality back in 2008 namely the use of iFrame injected scripts on major Web properties basically forwarding the redirecting legitimate traffic to client-side exploits serving web malware exploitation kits is still a valid practice in today's modern and sophisticated cybercrime ecosystem.Monday, February 06, 2023
A Peek Inside the Internet Explorer Zero Day Exploits Serving Campaign Affecting Thousands of Legitimate Sites Circa 2008 - An Analysis
Takes you back doesn't it? What used to be a daily reality back in 2008 namely the use of iFrame injected scripts on major Web properties basically forwarding the redirecting legitimate traffic to client-side exploits serving web malware exploitation kits is still a valid practice in today's modern and sophisticated cybercrime ecosystem.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside a Google AdSense Rogue and Bogus Advertisement Campaign Impersonating Legitimate Software - An Analysis
As I've recently came across several mainstream news articles on the use of Google AdSense to serve malware I've decided to share several screenshots circa 2008 which basically demonstrate the process.Sample screenshots include:
Stay tuned!
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside a DIY iFrame Embedded DDoS Attack Script Targeting Iran-Based Web Sites - An Analysis
Stay tuned!
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside a Mass SQL Injection Scanning and Exploiting IRC Botnet - An Analysis
Who would have thought? A mass SQL injection scanning and remotely exploitable including fuzzing capabilities built-in IRC-based botnet? I've decided to share with everyone some sample screenshots on the process with the idea to raise everyone's awareness that what used to be once a rocket science is today's reality in specific back in 2008 when I originally took these screenshots.
Sample screenshots include:
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside the Spack Web Malware Exploitation Kit - An Analysis
Dear blog readers,I've decided to share with everyone several sample screenshots of the infamous Spack web malware exploitation kit with the idea to raise everyone's awareness on the ease of use and easy to implement mass client-side exploitation tools on a mass scale.
Sample screenshots include:
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside a Milw0rm Syndicating Remote Execution Flaws Exploitable IRC Scanning Botnet - An Analysis
Who would have thought? An IRC based botnet that's directly syndicating remotely exploitable flaws and actually scanning for them using an IRC based bothet? Takes you back doesn't it? This has been a daily practice since practically 2008 and I've decided to share some sample screenshots of the process in action.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside the Xedant Human Emulator Spam Tool - An Analysis
Dear blog readers,In need of a decent example of a sophisticated spam tool that's truly capable to bypass any web site's anti-spam defense including basically any known CAPTCHA including to also automate the process to the point where the actual bad guys behind the infamous Xedant human emulator are truly capable of causing widespread spam havoc internationally? Think about the Xedant human emulator tool circa 2008.
Sample screenshots include:
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside the Xrumer Spam Tool - An Analysis
Who would have thought? It's an unknown period of time within the cybercrime ecosystem and I've decided to share exclusive screenshots of the infamous Xrumer spam tool which basically used to and continues to dominate the spam marketplace by possessing a variety of advanced and sophisticated features making it easy for everyone to enter the world of spam globally.Sample screenshots include:
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside A Web Malware Exploitation Kit - An Analysis
Dear blog readers,I've decided to share with everyone yet another post part of the "an image is worth a thousand words" blog posts series. Takes you back doesn't it? In this post I've decided to share with everyone a never released and published before screenshots of a well known web malware exploitation kit with the idea to showcase the ease of use and easy to implement client-side exploit vulnerabilities exploitation on a mass scale.
Sample screenshots include:
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside the Zalupko Accounting Data Stealing Malicious Software Botnet - An Analysis
Who would have thought? Takes you back doesn't it? As I've been going deep inside my old threat intelligence archive circa 2008 I've decided to share with everyone several never published or released before screenshots of the Zalupko accounting data stealing malicious software release botnet with the idea to raise everyone's spirit in the field of fighting cybercrime and doing research and possibly take your research motivation higher.Sample screenshots include:
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Thursday, January 26, 2023
Exposing Russian Business Network's Mykhaylo Sergiyovich Rytikov's AbdAllah Internet Hizmetleri Bulletproof Hosting Provider on U.S Secret Service's Most Wanted Cybercriminals List
I've decided to share with everyone some actionable intelligence on one of the Russian Business Network's primary franchise networks in Turkey namely AbdAllah Internet Hizmetleri which back in the day used to be responsible for some pretty decent bulletproof hosting malicious and fraudulent cybercrime activity in particular to offer actionable intelligence on Mykhaylo Sergiyovich Rytikov it's owner who's currently on U.S Secret Service's most wanted cybercriminals list.
Known domains affiliated with AbdAllah Internet Hizmetleri:
hxxp://tiket[.]cc
hxxp://abdulla[.]cc
hxxp://privateforum[.]cn - upomajuliya745@gmail.com; xpj88kf@gmail.com; 316411856@qq.com
Related known domains affiliated with AbdAllah Internet Hizmetleri:
hxxp://ns1[.]srv4u[.]biz
hxxp://bulletproof-service[.]com - Email: support@hosting-offshore.biz - 202.83.212.250
hxxp://tarahost[.]net - Email: konstantin@karyaev.com - 89.108.73.93
Related domains known to have been registered by the same domain registrant:
hxxp://all-mafia[.]net
hxxp://shampanskoe[.]info
hxxp://mashost[.]org
hxxp://flexi-domains[.]com
hxxp://5pagess[.]net
hxxp://extrasoft[.]biz
hxxp://golovolomka[.]info
hxxp://optical-coatings[.]info
hxxp://polevoi[.]info
hxxp://belorussia[.]info
hxxp://3alab[.]com
hxxp://prezervativ[.]org
hxxp://brodyaga[.]net
hxxp://skramedia[.]com
hxxp://tarafree[.]com
hxxp://mp3-mmf[.]com
hxxp://myproga[.]net
hxxp://extrahost[.]su
hxxp://garanthost[.]com
hxxp://grand-host[.]net
hxxp://technormativ[.]info
hxxp://xp-hosting[.]net
hxxp://kredits[.]cn
hxxp://tarahost[.]biz
hxxp://tarahost[.]org
hxxp://optical-coatings-design[.]info
hxxp://extrasoft-outsourcing[.]info
hxxp://pm-tost[.]net
hxxp://pm-sotovik[.]net
hxxp://pm-ranlix[.]net
hxxp://pm-holland[.]net
hxxp://swlu[.]info
hxxp://valdiss[.]info
hxxp://karyaev[.]com
hxxp://x450[.]info
hxxp://grand-host[.]biz
hxxp://flexi-classifieds[.]com
hxxp://flexi-sitebuilder[.]com
hxxp://flexi-projects[.]com
hxxp://bloggast[.]info
hxxp://pereezd-pro[.]info
hxxp://eduaction[.]info
hxxp://wmnakovalnya[.]com
hxxp://retro80x[.]com
hxxp://tarafree[.]net
hxxp://skramedia[.]org
hxxp://oldactors[.]net
hxxp://tarahost[.]net
hxxp://janimation[.]net
hxxp://tarahost[.]com
hxxp://skramedia[.]biz
hxxp://vv-want[.]info
hxxp://skramedia[.]net
hxxp://olimp-sport[.]com
hxxp://youhouse[.]biz
hxxp://kroleki[.]com
hxxp://extrasoft-projects[.]info
hxxp://zelenaya[.]com
hxxp://cazinowm[.]com
hxxp://extrasoft-outsourcing[.]net
Related domains known to have been involved with AbdAllah Internet Hizmetleri:
hxxp://magic-jackpot-cas[.]com
hxxp://euro-vip-casino[.]com
hxxp://royal-casino-vip[.]com
hxxp://sexrusfuck[.]com
hxxp://royal-cas-vip[.]com
hxxp://2400-usd-casino[.]com
hxxp://royalcasino-vip[.]com
hxxp://2400usd-casino[.]net
hxxp://eurocasino-vip[.]com
hxxp://sinlife[.]cn
hxxp://byron-consulting-group[.]com
hxxp://28-07[.]com
hxxp://28-07[.]net
hxxp://job-consults[.]org
hxxp://837-86[.]org
hxxp://expressdeal[.]biz
hxxp://cron[.]li
hxxp://crons[.]cc
hxxp://cronos[.]mn
hxxp://crinc[.]mn
hxxp://crinc[.]li
hxxp://ultrasmoke[.]cn
hxxp://supersmoke[.]cn
hxxp://globalsmoke[.]cn
hxxp://937-86[.]org
hxxp://cronco[.]li
hxxp://tradegroup-ha[.]com
hxxp://ha-tradegroup[.]com
hxxp://crinc[.]jp
hxxp://tradegroup-ha[.]net
hxxp://investmentcron[.]cn
hxxp://glb-soft[.]com
hxxp://croninv[.]cc
hxxp://cronis[.]cn
hxxp://crons[.]ac
hxxp://cronn[.]eu
hxxp://dkebooks[.]com
hxxp://cronoi[.]cc
hxxp://jieod[.]com
hxxp://midgejs[.]com
hxxp://crin[.]ac
hxxp://aoejf[.]com
hxxp://yseac[.]com
hxxp://kaserid[.]com
hxxp://crin[.]cc
hxxp://jekdoe[.]com
hxxp://ujeose[.]com
hxxp://masiwer[.]com
hxxp://reusiwe[.]com
hxxp://kaoeds[.]com
hxxp://iwoser[.]com
hxxp://planet0day[.]biz
hxxp://xeirod[.]com
hxxp://neusoas[.]com
hxxp://geoepd[.]com
hxxp://efuyr[.]com
hxxp://ziude[.]com
hxxp://polsenstanford[.]com
hxxp://heyud[.]com
hxxp://woqkr[.]com
hxxp://seiudr[.]com
hxxp://aosier[.]com
hxxp://dueor[.]com
hxxp://crins[.]ac
hxxp://verbespecially[.]com
hxxp://fivejoy[.]com
hxxp://riverwomen[.]com
hxxp://trianglesentence[.]com
hxxp://floorside[.]com
hxxp://developtail[.]com
hxxp://womanfinish[.]com
hxxp://alwaysfell[.]com
hxxp://differcollect[.]com
hxxp://goodalso[.]com
hxxp://kingbrought[.]com
hxxp://findcharacter[.]com
hxxp://chanceexpect[.]com
hxxp://beardictionary[.]com
hxxp://forwardfield[.]com
hxxp://tinydown[.]com
hxxp://jobwhether[.]com
hxxp://numeralcity[.]com
hxxp://cronin[.]jp
hxxp://equalcatch[.]com
hxxp://streamwho[.]com
hxxp://selectmonth[.]com
hxxp://propercame[.]com
hxxp://grewsoil[.]com
hxxp://townslip[.]com
hxxp://stationheavy[.]com
hxxp://charactereven[.]com
hxxp://milk0soft[.]com
hxxp://goldverb[.]com
hxxp://windowlisten[.]com
hxxp://bqgqnfc[.]cn
hxxp://wrbhnuw[.]cn
hxxp://a9da6[.]org
hxxp://04ccc408[.]org
hxxp://bdb7beb6[.]org
hxxp://scalespread[.]com
hxxp://thencloud[.]com
hxxp://figurespoke[.]com
hxxp://fullfraction[.]com
hxxp://propertytall[.]com
hxxp://beautyfig[.]com
hxxp://hadover[.]com
hxxp://followsalt[.]com
hxxp://staysay[.]com
hxxp://herexcept[.]com
hxxp://thanscore[.]com
hxxp://humanthus[.]com
hxxp://branchfelt[.]com
hxxp://areacountry[.]com
hxxp://meetduring[.]com
hxxp://movestood[.]com
hxxp://stillverb[.]com
hxxp://suggesteye[.]com
hxxp://preparebut[.]com
hxxp://hurrysound[.]com
hxxp://cookcompare[.]com
hxxp://0daycod[.]biz
hxxp://europeansmoke[.]cn
hxxp://sprybog[.]net
hxxp://taybaol[.]com
hxxp://polsenstanford[.]com
hxxp://bconsgroup[.]com
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Exposing a Currently Active and Spreading Cobalt Strike Serving Malicious Software Campaign
Original malware hosting location: hxxp://bsctech[.]ac[.]th/css/43[.]exe
Sample C&C server domains known to have been involved in the campaign include:
MD5: d8d8cb60d196a26765261b1ca8604d1e
Sample C&C server IPs known to have been involved in the campaign include:
hxxp://5[.]253[.]234[.]40 -> hxxp://5[.]253[.]234[.]40/activity -> hxxp://5[.]253[.]234[.]40/activity/submit[.]php
Sample geolocation of the known C&C server IP:
hxxp://bpltjykhm[.]online
hxxp://51lqm[.]online
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
A Peek Inside a Zunker Botnet C&C Administration Panel - An OSINT Analysis
The following is basically several sample screenshots courtesy of the Zunker botnet C&C command and control interface which back in the day used to dominate the threat landscape including the sophisticated cybercrime ecosystem with some pretty interesting and sophisticated features.
Sample screenshots include:
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Comments (Atom)