Skip to content

Instantly share code, notes, and snippets.

@xanda

xanda/gist:abbed2d9bc28a417f00ede975faaa182

Created August 25, 2016 06:36
Show Gist options
  • Save xanda/abbed2d9bc28a417f00ede975faaa182 to your computer and use it in GitHub Desktop.
Save xanda/abbed2d9bc28a417f00ede975faaa182 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
view-source:http://sushi-king.com/v2/ compromised
redirect user ke TDS most likely kemudian akan di redirect ke exploit kit
At the moment dia redirect ke hxxp://blmfgsquv.ddnsking[.]com/wordpress/?bf7N&utm_source=le
dan historically turut redirect ke:
qchdxdevcf.ddnsking[.]com
ortjotbik.hopto[.]org
qjcaer.hopto[.]org
Incident ini telah mengganggu saya untuk melihat menu dan promosi soft shell crab yang sedang berlangsung. saya rasa teranianya. kezaliman ini harus segera dibenteras. BTW sushi king sudah pun mendapat persijilan halal dari jakim beberapa minggu lepas. Ini patut debela! saya mempunyai request khas untuk incident ini dikendali oleh analyst muda, Ramadhan, dan saya berhajat untuk mendapat maklumbalas tentang perlakuan yang dilbuat oleh TDS, kit yang terlibat, dan final payload dari kit tersebut. Harap beliau sudi menerima request ini sebagai cabaran.
Terima kasih
Hint: sushi-king -> pseudo Darkleech -> Angler (but yeah, Angler is dead. starting on the 19 of August 2016, Angler's infra including IPs and domains have been 'pindah milik' kepada Neutrino EK punya actor, and starting from end of July (final week of July), Neutrino has been used exclusively to serve CrypMIC ransomware.
Have a nice day. hehehe
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment