IMPORTANT ANNOUNCEMENT FOR EVERYONE USING ACTIVITYPUB PROTOCOL!
#mastodon #pleroma #fediverse #malware #important #hotoilyjigglyboobsinmyfacebouncingandmoaning
It's only day 2 of the #HuntressCTF but I've been having a ball trying to complete the challenges before my work day starts. However, the Windows #malware challenge has got me stumped. Also, why is it so damn hard to spin up a #windows VM in 2024?!
Here is a traffic distribution system (TDS) in action. Fairly often when talking about TDS, I get the rebuttal: when I visited that domain, I only saw parking. Exactly. That's the point. :) A malicious TDS is like a router for malware -- the goal is to bring the best victims to the best malicious offering. And to play dead when it looks like they might be caught, aka look like parking or search ads.
What these images show is the difference between visiting the site tokclix[.]live from a scanner (urlscan) versus from a real Android phone. The former leads you to (sketchy) search arbitrage and the latter is classic scareware. This is what a TDS does.
Found this particular one while researching search arbitrage, so it is fairly random. It started with an old post on BlackHat World, but the domains were all still live. On the screen capture you can see the redirects through the TDS.
The imgur video shows the original click to scareware -- watch the redirects.
#InfobloxThreatIntel #tds #dns #malware #threatintel #cybercrime #cybersecurity #infosec #scam #phishing
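The scanner-versus-phone difference described above is exactly what an analyst diffs when checking for cloaking. The following is an added example, not code from the post or from Infoblox: it takes two captured redirect chains (one from a scanner profile, one from a real client profile) and reports where they diverge and whether they land on different hosts. The chains are constructed; only the entry domain comes from the post, every later hop is a placeholder.

```python
"""Compare redirect chains captured under two client profiles to spot TDS cloaking."""
from urllib.parse import urlparse


def refang(url: str) -> str:
    """Turn defanged notation (tokclix[.]live, hxxp://) back into a parseable URL."""
    return (url.replace("[.]", ".")
               .replace("hxxps://", "https://")
               .replace("hxxp://", "http://"))


def hosts(chain):
    """Reduce a redirect chain to its ordered list of lowercase hostnames."""
    return [urlparse(refang(u)).hostname.lower() for u in chain]


def compare_chains(scanner_chain, client_chain):
    """Report the first hop where the two chains differ and compare final landings.

    A divergence after a shared prefix, ending on different hosts, is the
    signature of a TDS serving one page to scanners and another to real victims.
    """
    a, b = hosts(scanner_chain), hosts(client_chain)
    divergence = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), None)
    if divergence is None and len(a) != len(b):
        divergence = min(len(a), len(b))   # one chain is a prefix of the other
    return {
        "diverges_at": divergence,
        "shared_prefix": a[:divergence] if divergence is not None else a,
        "scanner_landing": a[-1],
        "client_landing": b[-1],
        "cloaking_suspected": a[-1] != b[-1],
    }


# Constructed sample chains: hosts after the entry domain are placeholders.
SCANNER_CHAIN = ["hxxp://tokclix[.]live/",
                 "hxxps://tds-hop.example/r?c=1",
                 "hxxps://search-arb.example/results"]
MOBILE_CHAIN = ["hxxp://tokclix[.]live/",
                "hxxps://tds-hop.example/r?c=1",
                "hxxps://scare.example/alert"]

if __name__ == "__main__":
    print(compare_chains(SCANNER_CHAIN, MOBILE_CHAIN))
```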
A funny phishing campaign targeting GitHub users with an email notification about a security issue on an existing repository.
Then the captcha verification on a malicious website tries to trick the user into running a shell command on Windows.
PowerShell to be executed by the user
https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473
File downloaded https://pandora.circl.lu/analysis/21e8f693-361b-4a04-853c-276f9dd841e4/seed-1XqUr4mADaFYlLAyrBH8oQUBgOoEbceZ586b8h05YyA - Lumma Stealer
Malicious domain analysis. https://lookyloo.circl.lu/tree/91106035-dfec-4acc-af06-c9fc36c62774