Tags » Malvertising

How tech support scammers have made millions of dollars

Ahhh, the sweet smell of revenge! Nothing like unleashing some ransomware on those tech support scammers, eh?

However, fortunately for them, there aren’t hours enough in the day to turn the tables on the swindlers and social-engineer their pants off.

Featured

Hacked Sites Redirecting Users to Various Malvertising Campaigns

I had somebody contact me via my Contact page saying that they found my post on the Seamless campaign leading to RIG exploit kit. They had told me that they had received an email with the following link multitaskcleaners[.]co[.]uk/giftwrap.php?1702.

IOCs

Malvertising Campaign Leading to RIG Exploit Kit Dropping Ramnit Banking Trojan

On April 5th, 2017, the Twitter user thlnk3r sent a message to Brad and myself about a malvertising chain using onclkds.com to redirect hosts to RIG exploit kit.

IOCs

RIG EK at 5.200.52.238 Drops Ransom Locker

The infection chain started with recreating a portion of a malvertising chain. The malvertising chain redirected the host to a RIG exploit kit landing page. Below is the infection chain:

IOCs

Tillerson Without The Trojans

NOTE: I have copied the entire text of this article in order to get around what is likely advertising-based malware from Deep State. This text will be removed promptly at the request of the author or her company.

Politics

RIG EK at 92.53.127.21 Drops Dreambot

IOCs:

  • 209.126.118.90 – cominents.gdn – Fake ad infrastructure. Server returned RIG’s pre-filter page which contained the URL for the landing page
  • 92.53.127.21 – try.werrew.info – RIG EK…
IOCs

ipfilterX Codename Yeats

>Date 24/02/2017

>UPDATES:

-Blocked Threats: 49
-Updated Threats: 2
-IP Added Record: +9K(x1)§+13K(X2)
-Deleted:(-)
-Merged/Extended:(7)

>COUNTRIES INVOLVED:

>Parsed lines/entries:22K Found IP ranges:22K Duplicate:0 Merged:0 Time:0 secs…