Tag: AZORult

Seamless Campaign Delivers Ramnit via RIG EK at 188.225.82.158. Follow-up Malware is AZORult Stealer.
Note: I took a bit of a break, but I will try to get back to posting more regularly. Today’s infection chain is a familiar one, as it includes the Seamless campaign delivering the Ramnit banking Trojan via RIG exploit kit. Below is an image of the infection chain, specifically the HTTP requests: The infection chain starts ...

Seamless Malvertising Campaign Leads to Rig EK and Drops Ramnit. Follow-up Malware is AZORult Stealer.
I decided to go hunting for some malvertising today and got redirected to a Seamless gate, which of course redirected me to RIG EK. For those of you who don’t know about the Seamless campaign, click HERE. Also, my archived posts on the Seamless campaign can be seen HERE. Let’s begin by peeking at the infection ...

Seamless Campaign Uses RIG EK to Drop Ramnit. Ramnit Drops AZORult.
I’m still seeing a lot of the Seamless campaign out there. Let’s look at the HTTP requests and DNS queries from my most recent infection: We start out with the request for /usa, which redirects to /usa/ via a 301. /usa/ returns a page containing a script that grabs the time zone information from the host. That ...

The Seamless Campaign Drops Ramnit. Follow-up Malware: AZORult Stealer, Smoke Loader, etc.
Although there continues to be an overall decrease in EK activity, I’m still seeing a decent amount of malvertising leading to EKs. One campaign that I run into a lot is Seamless. It’s like other malvertising campaigns in that much of the traffic originates from streaming video sites. These kinds of sites make good targets ...