#FudTool #FudToolSu #FudToolRu #FudPages #PhishingKitAuthor #phishing #phishingkit
#threatactoremail fudpages@gmail.com
Fudtool[dot]su
FUDTOOL [.] RU
fudpages@gmail.com
Created BY fudpages(doit)com
Created BY fudpages
FUDPAGES [.] RU
example 1
abc845784335374ecb86cc7d9f105ba7
https://www.virustotal.com/#/file/3e76cff314a6b4fef91784f8fab3f21e985f68bd9aa909cdca0245611a3f8757/detection
example 2
070a0ebacac551e86ed00e1118f9a969
https://www.virustotal.com/#/file/bcb77cbee636b93320b7f2bcd302e57f32bdc3a8ad34beb95c5e74a3a6d3dc63/detection
example 3
69b3f69e5a2b02338fe6577c62d7bf2e
https://www.virustotal.com/#/file/c40dc9c4da50c7bbe85c0c88cc2ee2b98ff44104d1bea87ad01fceb1e485b6cc/detection
Note:
I am confident that FudTool and FudPages are the same threat actor.
See more about FudTool here ( https://phishingkittracker.blogspot.com/2019/05/fudtool-phishing-kit-author.html )
I am confident of this link because of these 2 phishing kits
example 5
https://www.virustotal.com/#/file/d96b5d599cd9473af97a12ca71b2a6da500794590c0ebb38bb63709d95f45060/detection
md5 babb656cbe519fd32250119bd149aa10
example 6
https://www.virustotal.com/#/file/f8c46c72fb952da1a013ad34a9d5761d1859998c6b5afe08565a689708d22b86/detection
md5 7475613294925a86a9d13f18ac5ee345
because both had identical files including "kancha.php" and misspelled "eror.php" yet the only difference was in "next1.php" where one said
FUDPAGES [.] RU
and one said
Fudtool[dot]su
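The file-level comparison described above can be repeated on any two kit archives by hashing each file and listing which are byte-identical and which differ. This is an added example, not code from the original post: the function names and the two in-memory archives are assumptions, and the file bodies are constructed placeholders rather than content from the real kits.

```python
import hashlib
import io
import zipfile


def file_digests(zip_bytes):
    """Map each file's base name in a kit archive to its SHA-256 digest."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Compare by base name, since kits are often re-zipped under a new
            # top folder. Simplification: same-named files in different
            # subfolders collide and only the last one is kept.
            name = info.filename.rsplit("/", 1)[-1].lower()
            digests[name] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_kits(zip_a, zip_b):
    """Return identical files, same-name files that differ, and an overlap score."""
    a, b = file_digests(zip_a), file_digests(zip_b)
    common = set(a) & set(b)
    identical = sorted(n for n in common if a[n] == b[n])
    differing = sorted(n for n in common if a[n] != b[n])
    union = set(a) | set(b)
    # Share of all file names that are byte-identical in both archives.
    score = len(identical) / len(union) if union else 0.0
    return {"identical": identical, "differing": differing, "score": score}


def make_kit(top_dir, files):
    """Build an in-memory zip; used only to create the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(f"{top_dir}/{name}", body)
    return buf.getvalue()


# Constructed stand-ins: file names and signature strings are from the post,
# file bodies are placeholders.
SHARED = {"kancha.php": b"<?php /* placeholder 1 */", "eror.php": b"<?php /* placeholder 2 */"}
KIT_A = make_kit("kit_a", {**SHARED, "next1.php": b"<?php /* FUDPAGES [.] RU */"})
KIT_B = make_kit("kit_b", {**SHARED, "next1.php": b"<?php /* Fudtool[dot]su */"})

if __name__ == "__main__":
    print(compare_kits(KIT_A, KIT_B))
```
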
example 7:
on 5/27/2019 #DocPreview
md5 889923c97a23cd4ef48c153c9c2ad294
hxxp://thirtieth-shift[.]000webhostapp[.]com/