Sunday, January 29, 2012

The Blackhole Pack

Blackhole - of all the packs I've seen, this is the one we see the most.

The other day, watching a redirect chain that was blocked, I decided to research the part of the chain the unsuspecting user was protected from. The landing page was a mess, obfuscated and gnarly to say the least. So I decided to run it through Wepawet to see whether it could work through the obfuscation.

Wepawet came through wonderfully and yielded the following link/report:


Doublediet[dot]com Report
(http://wepawet.iseclab.org/view.php?hash=4bb5c0ea61443185406fa062237525bc&type=js)

It's awesome to see from start to finish the mechanics down to detecting the shellcode and payload.

Thanks to the Wepawet folks for an awesome tool and making it easy to read.

I am working on getting more time to play with the packs we see, and will hopefully be refining my means of pulling data and getting better at it.

-Paul
@demon117
