Author Topic: Ransomware Troldesh from website..


Offline polonus
Ransomware Troldesh from website..
« on: June 17, 2019, 04:39:08 PM »
Re: https://urlhaus.abuse.ch/url/209681/
issues: https://observatory.mozilla.org/analyze/topphanmem.net
hardened by abusers? - https://webhint.io/scanner/f37d44d7-705d-4c09-941e-85dcea7d7170
Blacklisted - javascript malware found: https://sitecheck.sucuri.net/results/topphanmem.net
WordPress - Version does not appear to be latest
See: https://urlscan.io/result/c20b9c6c-5e3b-4692-87c8-8d0513a5dc04
6 engines detect: https://www.virustotal.com/gui/url/1bdb95e05cb47745f3d921d1a38b55398aae0e95bca17433529f28613aeb49a7/detection
dom-xss issues: Results from scanning URL: -http://topphanmem.net/wp-includes/js/wp-embed.min.js
Number of sources found: 149
Number of sinks found: 25

Retire.js
jquery   1.12.4   Found in -http://topphanmem.net/wp-includes/js/jquery/jquery.js
Vulnerability info:
Medium   2432    CVE-2015-9251    3rd party CORS request may execute
Medium   11974   CVE-2015-9251    parseHTML() executes scripts in event handlers
Medium           CVE-2019-11358   jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

polonus (volunteer website security analyst & website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
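The Retire.js hit above flags CVE-2019-11358 on the site's jQuery 1.12.4: a deep `jQuery.extend(true, {}, untrusted)` walks a `"__proto__"` key like any other and ends up writing into `Object.prototype`. The following is an added illustration, not jQuery's code and not from the post: a minimal recursive merge shaped like the vulnerable one, beside a version carrying the `"__proto__"` skip that jQuery 3.4.0 introduced. The input object and the `pollutesPrototype` helper are constructed for the demonstration.

```javascript
// Added example for CVE-2019-11358 (jQuery < 3.4.0, jQuery.extend(true, ...)).
// Not jQuery's own code: a minimal deep merge with the vulnerable shape, and a
// hardened one. Names and the sample input are constructed for this demo.

// Vulnerable shape: every enumerable key of src is walked, including one
// literally named "__proto__". target["__proto__"] resolves to Object.prototype,
// which is then used as the merge target for the nested object.
function deepMergeVulnerable(target, src) {
  for (const name in src) {
    const copy = src[name];
    if (copy !== null && typeof copy === "object" && !Array.isArray(copy)) {
      const existing = target[name];
      const clone = existing !== null && typeof existing === "object" ? existing : {};
      target[name] = deepMergeVulnerable(clone, copy);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

// Hardened: skip "__proto__" (the check jQuery 3.4.0 added) and only consult
// the target's own properties when choosing what to merge into.
function deepMergeSafe(target, src) {
  for (const name of Object.keys(src)) {
    if (name === "__proto__") continue;
    const copy = src[name];
    if (copy !== null && typeof copy === "object" && !Array.isArray(copy)) {
      const existing = Object.prototype.hasOwnProperty.call(target, name) ? target[name] : undefined;
      const clone = existing !== null && typeof existing === "object" ? existing : {};
      target[name] = deepMergeSafe(clone, copy);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

// Constructed attacker-controlled input, as a JSON body would arrive: JSON.parse
// creates an OWN property named "__proto__" rather than setting the prototype.
const POLLUTING_INPUT = JSON.parse(
  '{"__proto__": {"polluted": "yes"}, "theme": {"color": "red"}}'
);

// Runs one merge with the given function and reports whether a property leaked
// onto Object.prototype (visible on a brand-new {}). Cleans up so later code is
// not affected by the check itself.
function pollutesPrototype(mergeFn) {
  mergeFn({}, POLLUTING_INPUT);
  const leaked = ({}).polluted === "yes";
  delete Object.prototype.polluted;
  return leaked;
}

console.log("vulnerable merge pollutes:", pollutesPrototype(deepMergeVulnerable)); // true
console.log("hardened merge pollutes:", pollutesPrototype(deepMergeSafe));         // false
```

The merge logic is the illustration; the fix for a site like this one is the upgrade Retire.js is pointing at (jQuery 3.4.0 or later), since WordPress bundles its own copy under `wp-includes/js/jquery/`.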

Offline polonus
Re: Ransomware Troldesh from website..
« Reply #1 on: June 17, 2019, 05:20:34 PM »
The javascript malcode giveaways: Unexpected 'eval'; use of single quotes (several); Expected '=>' and instead saw '>';
decoding - simply replace eval with alert.

pol
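The reply above lists the tells (an `eval`, heavy single-quoting, a stray `>`) and the classic decode step of swapping `eval` for `alert`. As an added example, not code from the thread, here is that triage done in Node without a browser: a few heuristics over the source, and the eval-to-alert trick implemented by compiling the script with `eval` as a parameter name so the call lands in a capturing function instead of the real `eval`. The sample script, the heuristic names and the thresholds are constructed for the demo; the sample decodes to a harmless `alert('x')`.

```javascript
// Added example (not from the forum post): defender-side triage of a script that
// shows the giveaways polonus lists. Heuristic names and thresholds are my own.

// Constructed benign sample standing in for an injected snippet: single-quoted
// string building followed by eval() of a payload assembled from char codes.
const SAMPLE = [
  "var s = 'a' + 'b'; var t = 'c';",
  "eval(String.fromCharCode(97,108,101,114,116,40,39,120,39,41));",
].join("\n");

// Static tells. "stray-angle" is a rough stand-in for the JSHint complaint
// "Expected '=>' and instead saw '>'": a bare '>' outside =>, >=, >> or ->.
function findGiveaways(source) {
  const flags = [];
  if (/\beval\s*\(/.test(source)) flags.push("eval");
  const single = (source.match(/'/g) || []).length;
  const double = (source.match(/"/g) || []).length;
  if (single > 4 && single > double) flags.push("single-quotes");
  if (/String\.fromCharCode|\\x[0-9a-f]{2}|unescape\(/i.test(source)) flags.push("encoded-strings");
  if (/[^=<>\-]>(?![=>])/.test(source)) flags.push("stray-angle");
  return flags;
}

// The "replace eval with alert" step, done headless. The Function constructor
// always builds a sloppy-mode function, so `eval` is a legal parameter name;
// inside the body, eval(...) then resolves to our parameter and is an ordinary
// call, not a direct eval. The payload is recorded, never executed.
// Note: the decoding stages BEFORE the eval still run, exactly as they would
// with the alert trick, so this is a triage aid, not a sandbox.
function captureEvalPayloads(source) {
  const captured = [];
  const capture = (payload) => {
    captured.push(String(payload));
    return undefined;
  };
  const run = new Function("eval", source);
  run(capture);
  return captured;
}

function triageScript(source) {
  return { flags: findGiveaways(source), decoded: captureEvalPayloads(source) };
}

console.log(triageScript(SAMPLE));
// { flags: [ 'eval', 'single-quotes', 'encoded-strings' ], decoded: [ "alert('x')" ] }
```

Nested packers can be unwound by feeding each captured string back through `captureEvalPayloads` until nothing new appears; the heuristics are only a first filter and a hand-written script can trip them, so they prioritise what to decode rather than decide on their own.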