Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Inside A Malware Campaign

published on 2014-01-20 12:12:00 UTC by Trojan7Malware
Content:
A while back I received some spam email with the theme of adding new friends of facebook. This is how I became aware of the campaign now known as the "Aqua VPN" campaign.

World renowned and internationally respected anti virus vendor MalwareBytes also blogged about this campaign here (thanks to @paperghost)

After gaining admin rights to the web panel I built a sjdb (silent java driveby) here is what I found.


Build options








More build options







Lets take a look at the available domains:







who.is of all those domains
(no need for aquavpn thats already well known)
osrsbot(.)net > http://who.is/whois/osrsbot.net
twitch (.)pw > http://who.is/whois/twitch.pw (trying to lure gamers thinking this is the real twitch url) << confirmed takedown by @vriesHd now this domain leads to a 502. 
ucam(.)me > http://who.is/whois/ucam.me
videoreaper(.)com > http://who.is/whois/videoreaper.com
live-stream(.)us > http://who.is/whois/live-stream.us
teentalk(.)us > http://who.is/whois/teentalk.us
rapid-miner(.)net > http://who.is/whois/rapid-miner.net

what a surprise! all registered by namecheap

Now for a scan of the .jar
(virustotal was down but I have scanned this file on there before)
in the meantime this will do http://nodistribute.com/result/OCP1Mox9mV02p

Add-on Domains!
If you want you can spend a little extra money and ill be honest, one of these domains is very good for social engineering.






riotpointgenerator(.)com > http://who.is/whois/RiotPointGenerator.com
leageuoflegends(.)com > http://who.is/whois/LeageuOfLegends.com

Both these registrars have had abuse reports sent and im awaiting response




Article: Inside A Malware Campaign - published almost 11 years ago.

http://trojan7malware.blogspot.com/2014/01/inside-malware-campaign.html   
Published: 2014 01 20 12:12:00
Received: 2021 06 06 09:05:03
Feed: Trojan7Malware
Source: Trojan7Malware
Category: Cyber Security
Topic: Cyber Security
Views: 0

Custom HTML Block

Click to Open Code Editor