GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Traffic from an infection filtered in Wireshark. Annotations indicate issues such as "fake verification pages from copy/paste script" and "malicious domains hosting BOINC project servers," as well as where the TLSv1.0 traffic starts.

Download link

https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/828/178/546/359/641/original/6a5bbcbe6aecc15f.png

Notices where this attachment appears

  1. Embed this notice
    Brad (malware_traffic@infosec.exchange)'s status on Wednesday, 15-Jan-2025 19:38:07 JST Brad Brad

    From social media posts I wrote for my employer at https://www.linkedin.com/posts/unit42_kongtuke-boinc-activity-7284986403476717568-InKv/ and https://x.com/Unit42_Intel/status/1879220778173870556

    2025-01-13 (Monday): Legitimate websites infected with #KongTuke script present "verify you are human" pages that ask victims to paste PowerShell script into a Run window. Lately, this has led to infections abusing the #BOINC platform. More info at: https://bit.ly/3DU2H2R

    A #pcap from an example of the infection traffic and the associated files/artifacts are available at https://www.malware-traffic-analysis.net/2025/01/13/index.html

    In conversation about 16 days ago from infosec.exchange permalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.