ℹ️ New walkthrough: Google ad ➡️ #FakeBat ➡️ #zgRAT
🔗 threatdown.com/blog/fakebat-0…
#malvertising #threatintel
New #SteelClover's fake software: Sudoku (数独)😎 Hosting IP is 185[.]166.197.238
#FakeBat #DEV0569 #Ursnif #RedlineStealer
🛑 More #FakeBat / #EugenLoader via Google Ads
Autodesk Maya spoofing site maya-autodes[.]cc downloads Maya-x64.msix from prezemp[.]com.
[+] bazaar.abuse.ch/sample/9e6e04c…
#SIGNED 'Fodere Titanium Limited'
1.- New #RedLine C2: 95.143.191.159:22876 (from https://alexsazo[.]com/1.jpg)
2.-…
Today's quick #malware analysis with #SecurityOnion : FAKEBAT, REDLINE STEALER, and GOZI/ISFB/URSNIF pcap from 2023-02-03!
Thanks to Brad for sharing this pcap!
More screenshots:
blog.securityonion.net/2023/02/quick-…
#infosec
#infosecurity
#ThreatHunting
#IncidentResponse
Malvertisers have moved beyond URL shorteners to compromising legitimate websites, broadening their targets. FakeBat stands out for its use of MSIX installers with heavily obfuscated PowerShell scripts. Learn more in our #ThreatAdvisoryTuesday update: okt.to/sgol2A