Operation HARKONNEN - German Speaking about aptnotes HOT 11 CLOSED

really? have you read this report?

from aptnotes.

It’s like a sale pitch. Couldn’t find any other reports getting deeper in a quick google search

from aptnotes.

Google for Win7.Generic (:

from aptnotes.

I skipped the sales guff, saw the description of a long targeted campaign that I saw had been previously tagged as crimeware and thought - ah that tends to be interesting.
But looking at the domains eg; http://totalhash.com/search/dnsrr:download-web-shield.com
yeah... that really does look like crimeware a sales guy has written up as something very different.

from aptnotes.

And I don't know how $150k comes from a few domains and ssl certs :)

from aptnotes.

This has been in various .il news past week. The only metadata/IOCs I found are here, like chris pointed
Yeah looks salesy overall. I'll keep an eye open for any hashes.

from aptnotes.

I saw that one. I was hoping to find some deeper analysing document. So far nothing found

from aptnotes.

Lots of samples available in german installers for freeware packed with typical adware https://malwr.com/analysis/ZGY4MGNjZDQ1NjZjNGQ4MTk2ZGZhYTg4Zjk4ODBjYTA/

from aptnotes.

https://www.virustotal.com/en/domain/amazon.com/information/
https://www.virustotal.com/en/ip-address/82.98.97.183/information/
https://www.virustotal.com/en/file/24d45dd46080a847876fa028e8b370397b99ba172384e3b82cbc2b76066c93d2/analysis/
https://www.virustotal.com/en/file/4bab75a8910f97820351e2d7a0b8ca448e6f9de6a7e3f42a0d22f4185f2580c6/analysis/

between 30-40/55 positives

from aptnotes.

I did found those. I was interested in the background of the operation (Harkonnen).

from aptnotes.

Dynamoo has some analysis on the same malware. This shows that it is adware, and not apt.
After collecting info and asking around, this report seems is a little too fantastic. Skipping this report. Thanks for the discussion!

from aptnotes.