Tags » Malvertising

Tillerson Without The Trojans

NOTE: I have copied the entire text of this article in order to get around what is likely advertising-based malware from Deep State. This text will be removed promptly at the request of the author or her company.


RIG EK at 92.53.127.21 Drops Dreambot

IOCs:

  • 209.126.118.90 – cominents.gdn – Fake ad infrastructure. Server returned RIG’s pre-filter page which contained the URL for the landing page
  • 92.53.127.21 – try.werrew.info – RIG EK…

ipfilterX Codename Yeats

>Date 24/02/2017

>UPDATES:

-Blocked Threats: 49
-Updated Threats: 2
-IP Added Record: +9K(x1)§+13K(X2)
-Deleted:(-)
-Merged/Extended:(7)

>COUNTRIES INVOLVED:

>Parsed lines/entries:22K Found IP ranges:22K Duplicate:0 Merged:0 Time:0 secs…

HookAds Malvertising Redirects to RIG-v EK at 217.107.219.99. EK Drops Ursnif Variant Dreambot.

IOCs:

  • 104.27.134.78 – multimediaz.net – Website hosting script for onclickads.net
  • 206.54.163.4 – onclickads.net – Checks Flash. Redirects to onclkds.com.
  • 206.54.163.50 – onclkds.com – Returns “302 Moved Temporarily,” new location is set to avatrading.org…

ipfilterX Codename Whydah

>Date 17/02/2017

>UPDATES:

-Blocked Threats: 80
-Updated Threats: 4
-IP Added Record: +11k
-Deleted:(-)
-Merged/Extended:(7)

>COUNTRIES INVOLVED:

>Parsed lines/entries:22K Found IP ranges:22K Duplicate:0 Merged:0 Time:0 secs…

Malware is Malware... except when it isn’t

So block anomalous activity first and ask questions later (please).

As IT professionals (and logical human beings) we have been taught to analyze a situation first and then act based on knowledge gained from the analysis.


BossTDS and Exploit Kits

Download the Appendix – bosstds-and-exploit-kits.xlsx

Appendix A – DNS resolutions for 188.68.252.146.
Appendix B – Advertisement page Whois information.
Appendix C – Host pairs.
Appendix D…
