Category Archives: malware hunting

It’s Clear We Need A Sorting Hat

A few of my earlier posts detailed some of the methods that I use to find malware. Those methods all essentially required you to actively hunt for malware. The exceptions are my articles on honeypots, where we can “let the malware come to us”. Recently, I’ve been going through a really good classic book on malware analysis entitled “Malware Analyst’s… Read more »

Down A Rabbit Hole, Part 2


In the previous post, a run-of-the-mill tech support scam pop-up from the website apple-techsupport[.]online started us on our trip down a rabbit hole. Now I realize that our trip thus far hasn’t been all that unusual. These types of domain relationships are encountered routinely by malware hunters. However, this is where it gets more unconventional… Here’s our Google search from… Read more »

Finding Malware On Your Own

In my previous post, I listed a number of websites that offer either malware collections or links to infected sites but what if you want to find your own infected sites (and malware)? Make no mistake, finding malware on your own is generally slow and tedious. One of the best ways that I’ve found to “stumble” upon an infected website… Read more »

One Way To Use Maltego To Find Malware

McAfee Labs published a blog post on 10 June 2016 entitled “‘Thrones’ Jon Snow Appears To Employ Neutrino Exploit Kit”. In that post, the author noted that many Neutrino-directing URLs have been using .top domain extensions. One of the examples he used was: hxxp://eilong.top He went on to point out that the threat actor in this case had registered the… Read more »