Tag: AZORult

Seamless Campaign Uses RIG EK to Drop Ramnit. Ramnit Drops AZORult.

I’m still seeing a lot of Seamless campaign out there. Let’s look at the HTTP requests and DNS queries from my most recent infection: We start out with the request for /usa, which redirects to /usa/ via a 301. /usa/ returns a page containing script that grabs the time zone information from the host. That ...

The Seamless Campaign Drops Ramnit. Follow-up Malware: AZORult Stealer, Smoke Loader, etc.

Although there continues to be an overall decrease in EK activity, I’m still seeing a decent amount of malvertising leading to EKs. One campaign that I run into a lot is Seamless. It’s like other malvertising campaigns in that much of the traffic originates from streaming video sites. These kinds of sites make good targets ...