Tag: Bunitu

Fobos Malvertising Campaign Delivers Bunitu Proxy Trojan via RIG EK

Originally posted at malwarebreakdown.com. Follow me on Twitter. Traffic from 03/21/18: The first part of the redirection chain shown above would be from the Fobos decoy site. The decoy site contains the following Base64 encoded string: The decoded string on the decoy site points to the next step in the redirection chain, the pre-landing page: Unpacked ...

Fobos Campaign Uses HookAds Template and Delivers Bunitu Proxy Trojan via RIG EK

Originally posted at malwarebreakdown.com. Follow me on Twitter. At closer inspection, it looks like Fobos is redirecting to the HookAds template (thanks Jerome for double-checking that for me). The decoy site that had redirected to HookAds on 03/07/18, shown HERE, is the same code found in this infection chain on 03/11/18. HTTP traffic: The decoy site contains ...

HookAds Campaign Is Back And Using RIG EK to Deliver Bunitu Proxy Trojan

Originally posted at malwarebreakdown.com. Follow me on Twitter. I haven’t posted anything on the HookAds campaign since 09/17/2017. Likewise, checking malware-traffic-analysis.net shows the last write-up for HookAds on 08/01/17. According to Jérôme Segura, the campaign went away in late October 2017 and started to resurface in late February 2018. This is evident from a recent Twitter post from MrHazumhad which ...

Fobos Campaign Using RIG EK to Drop Bunitu Trojan

This campaign has been dubbed “Fobos” because the actors were using the registrant email address fobos@mail.ru. FireEye first published an article back in March 2017 that talked about Fobos in relation to the RIG exploit kit, called “Still Getting Served: A Look at Recent Malvertising Campaigns Involving Exploit Kits.” The article mentioned that they started tracking ...