Monday, May 29, 2017

Historical OSINT - Mac OS X PornTube Malware Serving Domains

Cybercriminals continue to actively launch malicious and fraudulent malware-serving campaigns, exposing the confidentiality, integrity and availability of the targeted hosts to a multitude of malicious software while earning fraudulent revenue by monetizing access to the malware-infected hosts.

We've recently intercepted a currently active portfolio of rogue/fake PornTube-themed malicious and fraudulent domains, with the cybercriminals behind the campaign earning fraudulent revenue largely through an affiliate-network based revenue-sharing scheme.

In this post we'll profile the campaign, provide actionable intelligence on the infrastructure behind it, and discuss in depth the tactics, techniques and procedures of the cybercriminals behind it.

Known to have been parked on the same malicious IP (93.190.140.56) are the following malicious domains:
hxxp://playfucktube.com
hxxp://mac-videos.com
hxxp://xhottube.net
hxxp://tubeporn08.com
hxxp://porn-tube09.com
hxxp://tubeporn09.com
hxxp://xxxporn-tube.com
hxxp://allsoft-free.com
hxxp://all-softfree.com
hxxp://lsoftfree.com
hxxp://porntubenew.com
hxxp://pornmegatube.net
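To turn the indicator list above into something a SOC can actually run, here is an added example (not code from the original post): it parses the defanged "hxxp://" list, refangs and deduplicates it, and then checks constructed Squid-style proxy log lines against both the domains (including subdomains, but not look-alike suffixes such as notporntubenew.com) and the hosting IP. The indicator list is copied from the post, with the run-together entry read as tubeporn08.com; the log lines, client addresses and URL paths are made up for the example.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the post above, in defanged "hxxp://" form, duplicates included.
# The bare IP is the hosting address the post reports for all of the domains.
RAW_INDICATORS = """
93.190.140.56
hxxp://playfucktube.com
hxxp://mac-videos.com
hxxp://xhottube.net
hxxp://tubeporn08.com
hxxp://porn-tube09.com
hxxp://tubeporn09.com
hxxp://xxxporn-tube.com
hxxp://playfucktube.com
hxxp://allsoft-free.com
hxxp://all-softfree.com
hxxp://lsoftfree.com
hxxp://porntubenew.com
hxxp://pornmegatube.net
hxxp://xhottube.net
"""

# Constructed Squid access.log lines for the example (not traffic from the post):
# ts elapsed client code/status bytes method url rfc931 peerstatus/peerhost type
SAMPLE_LOG = """\
1496066400.123    250 10.0.0.15 TCP_MISS/200 5120 GET http://playfucktube.com/player.php - HIER_DIRECT/93.190.140.56 text/html
1496066401.456     12 10.0.0.22 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1496066402.789    310 10.0.0.15 TCP_MISS/302 380 GET http://cdn.xhottube.net/get/flashplayer.dmg - HIER_DIRECT/93.190.140.56 application/octet-stream
1496066403.001     90 10.0.0.31 TCP_MISS/200 7001 GET http://notporntubenew.com/ - HIER_DIRECT/203.0.113.9 text/html
"""

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def refang(indicator: str) -> str:
    """Undo the usual defanging so the indicator can be compared with real log data."""
    return (indicator.strip()
            .replace("hxxps://", "https://").replace("hxxp://", "http://")
            .replace("[.]", ".").replace("(.)", ".").replace("[:]", ":"))


def parse_indicators(raw: str):
    """Return (domains, ips) as lowercase, deduplicated sets from a defanged list."""
    domains, ips = set(), set()
    for line in raw.splitlines():
        line = refang(line)
        if not line:
            continue
        host = urlsplit(line).hostname if "://" in line else line
        if not host:
            continue
        host = host.lower()
        (ips if IP_RE.match(host) else domains).add(host)
    return domains, ips


def host_matches(host: str, domains) -> bool:
    """True if host is an indicator domain or a subdomain of one (label boundary enforced)."""
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_log(log_text: str, domains, ips):
    """Return (client, url, reason) for every log line that touches an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 9:
            continue  # not a well-formed access.log line
        client, url, peer = parts[2], parts[6], parts[8]
        host = (urlsplit(url).hostname or "").lower()
        peer_ip = peer.split("/", 1)[1] if "/" in peer else ""
        reasons = []
        if host_matches(host, domains):
            reasons.append("domain:" + host)
        if peer_ip in ips:
            reasons.append("ip:" + peer_ip)
        if reasons:
            hits.append((client, url, ", ".join(reasons)))
    return hits


if __name__ == "__main__":
    doms, addrs = parse_indicators(RAW_INDICATORS)
    for client, url, reason in scan_log(SAMPLE_LOG, doms, addrs):
        print(f"{client} -> {url} [{reason}]")
```

Two practical caveats when using this against your own logs: the indicators are historical, so a hosting IP such as 93.190.140.56 may since have been reassigned, and IP-only matches should be scoped to the time window the post describes; and matching must stop at a label boundary (the `"." + d` check), otherwise a rule written as a plain substring match would flag unrelated domains that merely end in the same string.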

We'll continue monitoring the campaign and post updates as soon as new developments take place.