RoughTed
-
Really great article by Jérôme Segura from Malwarebytes Labs on the "RoughTed" campaign.
https://twitter.com/BBcan177/status/867767239545688064
The threat actors behind RoughTed have been leveraging the Amazon cloud infrastructure, in particular, its Content Delivery Network (CDN), while also blending in the noise with multiple ad redirections from several ad exchanges, making it more difficult to identify the source of their malvertising activity.
I have also updated my MS_2 Feed accordingly:
https://gist.github.com/BBcan177/4a8bf37c131be4803cb2
-
Hi,
Sorry for the newbie question. If I want to add this as a DNSBL feed in pfBlockerNG... what is the best exact link to use? I've only dealt with .txt and .zip links before and am a bit confused by the GitHub links.
Thanks.
-
There is a download ZIP button in GitHub, which points to: https://gist.github.com/BBcan177/4a8bf37c131be4803cb2/archive/396eb85f00418569cd5e82f71b9d96275163d970.zip
Or the RAW format: https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/396eb85f00418569cd5e82f71b9d96275163d970/MS-2
-
Best to use the RAW format. Keep in mind that you need to remove the last part of the Gist URL or you will not download any further commits to the Gist.
Here is the URL that can be used in the package:
https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw
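Added example, not part of the original thread and not pfBlockerNG code: a small Python check that takes any of the Gist URL forms quoted above, reports whether it is pinned to a single commit, and returns the floating `/raw` URL that follows later commits. The function name `unpin_gist_url` is hypothetical, and it assumes a single-file Gist like the one in this thread.

```python
import re
from urllib.parse import urlsplit

# A Gist revision is identified by a 40-character hex commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
GIST_HOSTS = ("gist.github.com", "gist.githubusercontent.com")


def unpin_gist_url(url):
    """Return (floating_raw_url, pinned_sha_or_None) for a Gist URL.

    Forms handled (all taken from the thread):
      gist.github.com/<user>/<id>/archive/<sha>.zip
      gist.githubusercontent.com/<user>/<id>/raw/<sha>/<file>
      gist.githubusercontent.com/<user>/<id>/raw
    """
    parts = urlsplit(url.strip())
    if parts.hostname not in GIST_HOSTS:
        raise ValueError("not a Gist URL: %r" % url)
    seg = [s for s in parts.path.split("/") if s]
    if len(seg) < 2:
        raise ValueError("missing user or Gist id: %r" % url)
    user, gist_id, rest = seg[0], seg[1], seg[2:]

    sha = None
    if rest[:1] == ["archive"] and len(rest) == 2:
        candidate = rest[1].rsplit(".", 1)[0]  # drop the ".zip" suffix
        sha = candidate if SHA_RE.match(candidate) else None
    elif rest[:1] == ["raw"] and len(rest) >= 2:
        sha = rest[1] if SHA_RE.match(rest[1]) else None

    # Assumption: single-file Gist, so the file name can be dropped too.
    floating = "https://gist.githubusercontent.com/%s/%s/raw" % (user, gist_id)
    return floating, sha


if __name__ == "__main__":
    # The two pinned URLs posted in the thread.
    feeds = [
        "https://gist.github.com/BBcan177/4a8bf37c131be4803cb2/archive/"
        "396eb85f00418569cd5e82f71b9d96275163d970.zip",
        "https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/"
        "396eb85f00418569cd5e82f71b9d96275163d970/MS-2",
    ]
    for feed in feeds:
        floating, sha = unpin_gist_url(feed)
        state = "pinned to %s" % sha if sha else "floating"
        print("%s\n  %s -> use %s" % (feed, state, floating))
```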