SecurityOnline: EKFiddle v1.1.9 released: A framework to study Exploit Kits https://securityonline.info/ekfiddle-framework-study-exploit-kits/ #MalwareAnalysis #EKFiddle

Some updates to #EKFiddle (Fiddler extension)
- Set your own custom (fake) referer
- New upstream proxy UI (change external IP address)

Lots of changes with #SocGholish recently.
There are some new URI patterns (no more report?r=).
Updated regexes for Fiddler's #EKFiddle extension can be found here: https://github.com/malwareinfosec/EKFiddle

Nice blog by Ben from #Sucuri:
https://blog.sucuri.net/2022/11/massive-ois-is-black-hat-redirect-malware-campaign.html
Hacked sites are redirecting to bogus Q&A pages.
They also abuse a Google open redirect.
Rules for #EKFiddle updated to detect this campaign: https://github.com/malwareinfosec/EKFiddle