Netgate Discussion Forum
    RoughTed

    pfBlockerNG

    • BBcan177 Moderator

      Really great article by Jérôme Segura from Malwarebytes Labs on the "RoughTed" campaign.

      https://twitter.com/BBcan177/status/867767239545688064

      The threat actors behind RoughTed have been leveraging the Amazon cloud infrastructure, in particular, its Content Delivery Network (CDN), while also blending in the noise with multiple ad redirections from several ad exchanges, making it more difficult to identify the source of their malvertising activity.

      I have also updated my MS_2 Feed accordingly:
        https://gist.github.com/BBcan177/4a8bf37c131be4803cb2

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      • occamsrazor

        @BBcan177:

        I have also updated my MS_2 Feed accordingly:
          https://gist.github.com/BBcan177/4a8bf37c131be4803cb2

        Hi,

        Sorry for the newbie question. If I want to add this as a DNSBL feed in pfBlockerNG, what is the best exact link to use? I've only dealt with .txt and .zip links before and am a bit confused by the GitHub links.

        Thanks.

        pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
        Ubiquiti Unifi wired and wireless network, APC UPSs
        Mac OSX and IOS devices, QNAP NAS

        • bartkowski

          There is a "Download ZIP" button in GitHub, which points to: https://gist.github.com/BBcan177/4a8bf37c131be4803cb2/archive/396eb85f00418569cd5e82f71b9d96275163d970.zip

          Or the RAW format: https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/396eb85f00418569cd5e82f71b9d96275163d970/MS-2

          • BBcan177 Moderator

            @bartkowski:

            Or the RAW format https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/396eb85f00418569cd5e82f71b9d96275163d970/MS-2

            Best to use the RAW format. Keep in mind that you need to remove the last part of the Gist URL or you will not download any further commits to the Gist.

            Here is the URL that can be used in the package:
            https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw


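The point made in the reply above (a raw Gist URL that carries a commit hash is frozen at that revision, so a feed configured with it never picks up later commits to the list) can be checked and corrected mechanically. The Python helper below is an added example, not code from pfBlockerNG or from any poster in this thread. It assumes only the URL layouts that appear in the thread (the gist page, the archive ZIP and the raw file URL) and that gist IDs and commit hashes are hexadecimal strings; the function and variable names are the example's own.

```python
"""Normalise GitHub Gist URLs to the "latest revision" raw form.

Added example, not pfBlockerNG code. A raw Gist URL of the form
  https://gist.githubusercontent.com/<user>/<id>/raw/<commit-sha>/<file>
is pinned to one commit; later edits to the Gist are never fetched.
The un-pinned form that tracks the newest revision is
  https://gist.githubusercontent.com/<user>/<id>/raw
which is the URL the thread recommends for the feed list.
"""
import re
from urllib.parse import urlsplit

# Hosts a Gist URL may legitimately use (assumption: these two only).
GIST_HOSTS = {"gist.github.com", "gist.githubusercontent.com"}
# Assumption: gist ids are hex; a pinned revision is a 40-hex git sha,
# optionally with the ".zip" suffix used by the archive download link.
GIST_ID = re.compile(r"^[0-9a-f]+$")
PINNED_SHA = re.compile(r"^[0-9a-f]{40}(\.zip)?$")


def _gist_parts(url: str) -> tuple[str, str, list[str]]:
    """Return (user, gist_id, remaining path segments) or raise ValueError.

    Refusing non-Gist hosts means a mistyped or substituted host cannot
    silently become a feed fetched from an unrelated server.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or parts.netloc.lower() not in GIST_HOSTS:
        raise ValueError(f"not an https Gist URL: {url!r}")
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) < 2 or not GIST_ID.match(segs[1]):
        raise ValueError(f"no <user>/<gist-id> in path: {url!r}")
    return segs[0], segs[1], segs[2:]


def is_pinned_revision(url: str) -> bool:
    """True when the URL names a specific commit (raw or archive form)."""
    _, _, rest = _gist_parts(url)
    return any(PINNED_SHA.match(seg) for seg in rest)


def latest_gist_raw_url(url: str) -> str:
    """Rewrite any Gist URL (page, archive ZIP, raw, pinned or not) to the
    raw URL that always serves the newest revision of the Gist."""
    user, gist_id, _ = _gist_parts(url)
    return f"https://gist.githubusercontent.com/{user}/{gist_id}/raw"


def fix_feed_list(urls: list[str]) -> list[tuple[str, str]]:
    """For a list of configured feed URLs, return (original, replacement)
    pairs for every Gist entry that is pinned to a commit.  Non-Gist
    entries are skipped untouched."""
    fixes = []
    for u in urls:
        try:
            if is_pinned_revision(u):
                fixes.append((u, latest_gist_raw_url(u)))
        except ValueError:
            continue  # not a Gist URL; nothing to do
    return fixes


if __name__ == "__main__":
    # Constructed sample feed list using the URLs quoted in the thread.
    feeds = [
        "https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/396eb85f00418569cd5e82f71b9d96275163d970/MS-2",
        "https://gist.github.com/BBcan177/4a8bf37c131be4803cb2/archive/396eb85f00418569cd5e82f71b9d96275163d970.zip",
        "https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw",
    ]
    for old, new in fix_feed_list(feeds):
        print(f"pinned: {old}\n   use: {new}")
```

Run against the feed URLs quoted in this thread, the script reports the raw file URL and the archive ZIP URL as pinned and proposes the `/raw` form for both; the already-correct `/raw` URL is left alone.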
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.