As I continue to hunt for various lures and redirects for the Jupyter Infostealer, outlined in my previous article, I am amazed at the vast array of searches that lead to the malware! I took a game I enjoy and decided to search for that, using known "initial" pages where the redirects have been seen.
Oh... they got Dragon Quest too! This makes me sad...
As it is, I've found several other links just like this, and so far all of the ones I've found in the last couple of days end up landing on the same file hash (different name, of course) as the one in my previous article.
Hash: da2eb36e763ecf1a47532e9f8efeacb7
Again, there are also many redirects involved, mostly .tk TLDs. I suspect these large droppers are being rotated out on some schedule, monthly perhaps. So maybe I won't run into a new sample dropper and .DLL for a bit. If anyone finds anything different, please let me know!
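For anyone triaging similar lure chains, here is a small added example (mine, not code from the original post) that walks a captured redirect chain offline, counts how many hops sit on .tk domains, and compares the MD5 of the landing file against the hash above. The redirect map and the hostnames in it are constructed placeholders, as are the payload bytes; only the hash is taken from the post.

```python
import hashlib
from urllib.parse import urlsplit

# MD5 of the dropper reported in the post; every chain found so far lands on it.
KNOWN_DROPPER_MD5 = "da2eb36e763ecf1a47532e9f8efeacb7"

# Constructed example: a redirect map recorded from a lab session, keyed by
# request URL -> value of the Location header that was returned.
# Hostnames are placeholders, not real lure or redirector domains.
REDIRECT_MAP = {
    "https://lure-example.net/dragon-quest-guide.html": "http://first-hop.tk/go?id=1",
    "http://first-hop.tk/go?id=1": "http://second-hop.tk/land",
    "http://second-hop.tk/land": "https://final-drop.example/Dragon_Quest_Guide.zip",
}


def follow_chain(start_url, redirect_map, max_hops=10):
    """Walk Location headers offline and return the ordered list of URLs.

    Stops on a redirect loop, when no further redirect is recorded, or
    after max_hops hops so a malformed map cannot spin forever.
    """
    chain = [start_url]
    seen = {start_url}
    current = start_url
    while current in redirect_map and len(chain) <= max_hops:
        nxt = redirect_map[current]
        if nxt in seen:
            break  # redirect loop detected
        chain.append(nxt)
        seen.add(nxt)
        current = nxt
    return chain


def tld(url):
    """Return the last DNS label of the URL's host, lower-cased ('' if none)."""
    host = urlsplit(url).hostname or ""
    return host.rsplit(".", 1)[-1].lower() if "." in host else host.lower()


def triage_chain(chain, payload_bytes):
    """Summarise a chain: hop count, .tk hops, landing URL and payload hash."""
    tk_hops = [u for u in chain if tld(u) == "tk"]
    md5 = hashlib.md5(payload_bytes).hexdigest()
    return {
        "hops": len(chain) - 1,
        "tk_hops": len(tk_hops),
        "landing_url": chain[-1],
        "payload_md5": md5,
        "matches_known_dropper": md5 == KNOWN_DROPPER_MD5,
    }


if __name__ == "__main__":
    chain = follow_chain("https://lure-example.net/dragon-quest-guide.html", REDIRECT_MAP)
    # Constructed stand-in for the downloaded file; a real sample would be read from disk.
    print(triage_chain(chain, b"constructed payload bytes"))
```

In practice the map would be built from proxy or sandbox logs (one entry per 3xx response), and the payload bytes read from the file the last hop delivered; a `matches_known_dropper` of True confirms it is the same rotated dropper rather than a new sample worth pulling apart.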