MalasadaTech

ALOHA! This is my "Independent Researcher" persona. I post about things that I enjoy researching and analyzing during my personal time.

"Views are my own, not my employer’s. All research is done independently, on personal time and resources. Tools or references used are unaffiliated with my employer."

Web: https://malasada.tech

Two more on today's check. Pretty cool.

bajcgicdiinbegb[.]top
cfverclsid[.]top

7-Zip #FakeApp observed serving #NetSupportRat

https[:]//7zlp2024[.]shop

>>

0511file24.msix (b3a95ec7b1e7e73ba59d3e7005950784d2651fcd2b0e8f24fa665f89a7404a56)

MGJFFRT466
NSM301071

62.76.234[.]49:443

Observed a few possible upcoming #KeitaroTDS domains via Silent Push. Found in research, not observed in any compromised sites yet. #SocGholish #TA569.

designinteractiveplatform[.]club
ajaxapiendpoint[.]cloud
codingmastermindhub[.]club
apivuecomponent[.]com

Observed a new beginning part of the delivery chain for #LandUpdate808

hxxps[:]//mercro[.]com/web-metrics.js

Found in Silent Push. Can't get the next part yet.

https://urlscan.io/search/#mercro.com

Just updated WHOIS on 20SEP24...

Edge-themed Fake Update:

edgeupgrade[.]com

Clicking the update button serves hxxps[:]//elrifeno[.]com/temp/Install_x64.exe (44faed020d5d8b29918a3f02d757b2cfada67574cf9e02748ea7f75ba5878907)

This is related to the other fake update sites below that ET is already tracking:

updatechrllom[.]com
mozilaupgrade[.]com
javadevssdk[.]com

Another possible upcoming #SmartApeSG domain found in research, not from anything injected into a compromised site.

carnivalsale[.]com/cdn-vs/original.js

As seen here: https://urlscan.io/result/274908d4-e989-49a3-ba9f-982eed384d56/

Another possible upcoming #SmartApeSG domain found in research, not from anything injected into a compromised site.

boylegmfg[.]com/cdn-vs/original.js

As seen here: https://urlscan.io/result/24389cf6-1dbc-4c42-a1bf-eacf6cb97947/

Another possible upcoming #SmartApeSG domain found in research, not from anything injected into a compromised site.

gxsicmj3l[.]top/cdn-vs/original.js

As seen here:
https://urlscan.io/result/d1e01c92-13b9-47d7-8931-4912b43e0956/

I'm starting to wonder how frequently they cycle through their domains.

Another possible upcoming #SmartApeSG domain found in research, not from anything compromised.

giorja[.]com/cdn-vs/original.js

As seen here:
https://urlscan.io/result/d269516c-475f-4cdf-b9d6-d11d51ba3efb/

Also, the one for the bankbates from yesterday... https://urlscan.io/result/df265447-ecef-4337-be43-b1ac7436e6e7/