#FudHTTrack #FudTool #FudPages #HTTrack #PhishingKitType #phishing #phishingkit
The threat actor FudTool (aka FudPages) makes a phishing kit that relies on the HTTrack Website Copier.
The kit may contain text such as:
Fudtool[dot]su
FUDTOOL [.] RU
Created BY fudpages
FUDPAGES [.] RU
It will have several files in the root directory, such as:
\.htaccess
\eror.php
\kancha.php
\next.php
\next1.php
\login.php
\robots.txt
What makes this kit unique is that it also has a subfolder such as
\signin_files
which was auto-generated by the tool "HTTrack Website Copier/3.x"
HTTrack Website Copier - Free Software Offline Browser (GNU GPL)
https://www.httrack.com/
HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet
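The traits listed above can be checked together when triaging a recovered archive. The following is an added example, not code from the original post: the function names, the generalisation of `signin_files` to any top-level `*_files` folder, the matching threshold, and the sample archive are all assumptions made for illustration.

```python
import io
import re
import zipfile

# Indicators taken from the kit description above.
ROOT_FILES = {".htaccess", "eror.php", "kancha.php", "next.php",
              "next1.php", "login.php", "robots.txt"}
BRAND_RE = re.compile(rb"fud(tool|pages)", re.I)
HTTRACK_RE = re.compile(rb"HTTrack Website Copier/3\.")
# Assumption: "signin_files" generalises to any top-level "<name>_files" folder.
FILES_DIR_RE = re.compile(r"^[^/]+_files$", re.I)
MAX_READ = 1_000_000  # cap bytes read per member (guards against zip bombs)


def inspect_kit(zip_bytes):
    """Report which traits of the kit appear in a zip (kit at archive root)."""
    hits = {"root_files": set(), "files_dirs": set(),
            "brand_strings": False, "httrack_marker": False}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            parts = info.filename.replace("\\", "/").strip("/").split("/")
            if len(parts) > 1 or info.is_dir():
                if FILES_DIR_RE.match(parts[0]):
                    hits["files_dirs"].add(parts[0])
            elif parts[0].lower() in ROOT_FILES:
                hits["root_files"].add(parts[0].lower())
            if not info.is_dir():
                with zf.open(info) as fh:
                    data = fh.read(MAX_READ)
                hits["brand_strings"] |= bool(BRAND_RE.search(data))
                hits["httrack_marker"] |= bool(HTTRACK_RE.search(data))
    return hits


def matches_profile(hits):
    """Assumed rule: mirror folder + HTTrack marker + branding or >=3 root files."""
    return bool(hits["files_dirs"] and hits["httrack_marker"]
                and (hits["brand_strings"] or len(hits["root_files"]) >= 3))


def build_sample(with_kit_traits):
    """Constructed test archive; contents are illustrative, not a real kit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("robots.txt", "User-agent: *\nDisallow: /\n")
        if with_kit_traits:
            zf.writestr("login.php", "<!-- Created BY fudpages -->")
            zf.writestr("next.php", "<?php /* placeholder */ ?>")
            zf.writestr("signin_files/a.html", "<!-- HTTrack Website Copier/3.x -->")
    return buf.getvalue()
```

No single trait is conclusive on its own, since HTTrack is a legitimate tool and file names like `login.php` are common; the check is meant to flag the combination.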
example 1
md5 7475613294925a86a9d13f18ac5ee345
https://www.virustotal.com/#/file/f8c46c72fb952da1a013ad34a9d5761d1859998c6b5afe08565a689708d22b86/detection
http://linkconsultores.com.uy/file/OneDriveFiles.zip
example 2
md5 babb656cbe519fd32250119bd149aa10
https://www.virustotal.com/#/file/d96b5d599cd9473af97a12ca71b2a6da500794590c0ebb38bb63709d95f45060/detection