#FudMultiBrand #FudTool #FudPages #PhishingKitType #phishing #phishingkit
The threat actor FudTool (aka FudPages) makes a generic phishing kit that targets multiple brands such as Yahoo, Gmail, AOL, etc.
The kit may contain text like:
Fudtool[dot]su
FUDTOOL [.] RU
Created BY fudpages
FUDPAGES [.] RU
VVINDOWS (Notice it is 2 V's instead of a W)
ReZulT
The index.php is generic and offers a choice of sign-ins such as Gmail, AOL, Windows, Yahoo, etc.
Many of the extra files have 2- or 3-letter names, such as:
AA1.htm (AOL Phish)
AA1.php (AOL Phish)
GGC.htm (Gmail Phish)
GGC.php (Gmail Phish)
LL1.htm (Windows Phish)
LL2.php (Windows Phish)
OT.htm (Generic Phish)
OT.php (Generic Phish)
YY.htm (Yahoo Phish)
YY1.php (Yahoo Phish)
Each .htm file referenced www.sitepoint.com to grab MaskedPassword.js.
verification.php references Google Captcha, e.g.
"Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29tCg=="
which decodes to
botguard-contact@google.com
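A triage check for the indicators listed above, added here as an example and not part of the original post or the kit: it reads a suspected archive in memory and reports which of the listed file names and strings it contains. The function names, the verdict thresholds and the sample files are assumptions constructed for illustration.

```python
import re
import zipfile

# File names listed in the write-up (compared case-insensitively).
KIT_FILES = {"aa1.htm", "aa1.php", "ggc.htm", "ggc.php", "ll1.htm",
             "ll2.php", "ot.htm", "ot.php", "yy.htm", "yy1.php"}

# Strings listed in the write-up. "author" markers name the kit maker; "support"
# markers are weaker on their own (MaskedPassword.js is a legitimate script).
MARKERS = {
    "fudtool": ("author", re.compile(r"fud\s*tool", re.I)),
    "fudpages": ("author", re.compile(r"fud\s*pages", re.I)),
    "VVINDOWS": ("support", re.compile(r"VVINDOWS", re.I)),
    "ReZulT": ("support", re.compile(r"ReZulT")),  # odd casing is the marker
    "MaskedPassword.js": ("support", re.compile(r"MaskedPassword\.js", re.I)),
}

def read_zip(source):
    """Read members in memory (path or file object); nothing is extracted or run."""
    with zipfile.ZipFile(source) as zf:
        return {i.filename: zf.read(i).decode("utf-8", "replace")
                for i in zf.infolist() if not i.is_dir()}

def triage(files):
    """files: {archive path: text}. Returns matched names, markers and a verdict."""
    names = sorted(p for p in files if p.rsplit("/", 1)[-1].lower() in KIT_FILES)
    hits = {}
    for path, text in files.items():
        for label, (_kind, rx) in MARKERS.items():
            if rx.search(text):
                hits.setdefault(label, []).append(path)
    author = any(MARKERS[h][0] == "author" for h in hits)
    support = sum(MARKERS[h][0] == "support" for h in hits)
    # Thresholds are an assumption of this example, not taken from the write-up.
    if author and (names or support):
        verdict = "likely"
    elif author or len(names) >= 3 or support >= 2:
        verdict = "possible"
    else:
        verdict = "no-match"
    return {"verdict": verdict, "names": names, "markers": sorted(hits)}

SAMPLE = {  # constructed sample contents, not a real kit
    "kit/index.php": "<!-- Created BY fudpages -->",
    "kit/LL1.htm": "<title>VVINDOWS</title><script src='MaskedPassword.js'></script>",
    "kit/LL2.php": "<?php /* ReZulT */ ?>",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For a downloaded archive, pass its path through read_zip() first, e.g. triage(read_zip("suspect.zip")), where suspect.zip is a placeholder name.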
example 1
md5 fd8d58053d947ad17dce49f707f4846a
https://www.virustotal.com/#/file/a9d405875eafc65a6159c7e8c6a56bf8afef06ce67ab3e5e5e50e56133a2559d/detection
http://seirawa.com/..ll/azn.zip
example 2
from 5/24/2019
md5 8c52119a9d3337912507b05c7f13f75b
https://onedrivees.com/onedrive.zip
References
https://urlscan.io/result/ea3be793-d63a-4be6-9053-b7e107dbadd7/ ( seirawa.com )