2014-02-06 - Connect the dots
And the real name of Magnitude is...
Magnitude from Community
You may have noticed a rise in Magnitude occurrences over the past few days. This helped me connect the dots.
When GrandSoft talked about the remaining exploit kits in November 2013, he mentioned:
- нейтрино
- оранж
- магнитуда
- топэксп
so
Neutrino
Sweet Orange
Magnitude
TopExp
I was wondering why he did not mention Styx, Sakura and Nuclear, which were all still around at that time, but TopExp got my attention...
I saw this post underground (translated from Russian):
--------------------------------------------
Offering an exploit pack for a % of traffic
Greetings, everyone! I am offering an exploit pack, hitting IE only, for a percentage of the traffic.
COUNTRIES NOT ACCEPTED: CIS, small countries of Asia, the East, Africa and South America):
A1 A2 O1 SU RU UA BY UZ KZ GE AZ LT MD LV KG TJ AM TM JP JA CN TH VN ID MY TZ PH RO SG
TT YE LK PK SA BG UY RS OM IQ KW DO SV TN KE EU NP BD MN SK CR JO LU BB MU NI AP BS MQ
NG CY BO AO PY MK GU BH SI NA LB BA BN GD LA BZ PG ZM SY LY SD HT MO PS UG GF RE AF SN
LR NC KH GP BW HN AW PF CW VI IS KN AG BM GY DM MT BT MZ EE GL CI MG MV MC GA CD LI GQ
ZW CM SR JE DJ CV SZ ME FJ LC KY GH SB VU ET RW MW ER LS EG AE TW ZA
For contact: PM.
--------------------------------------------
I guess this is the reason for the rise in Magnitude events these days.
Asked for the CVEs, he wrote:
CVE-2012-0507
CVE-2013-2551
CVE-2013-2471
Hum... that matches what remains in Magnitude (the Flash exploit was only a downloader, not CVE-2013-0634, and there is no more CVE-2011-3402 (Duqu-like font drop)).
and:
Says he has been using it for two years
I should have connected the dots before. In May, the "backend" domain for stats/threads of what was called popads (aka Magnitude) was:
http://topexpstat .com/
69.64.50.203
So... Magnitude is: top-exp
But hey... Magnitude sounds better, no? (Thanks Will! :) )
Where is Magnitude now ?
184.172.109.156
and yesterday ?
184.172.109.155
Here is the manual :
http://pastebin.com/raw.php?i=HkAxAaFd
Google Translated:
http://pastebin.com/raw.php?i=mRHYYK5a
Seems Nuclear is now taking a big part of the cake.
Read More :
Deobfuscating Magnitude Exploit Kit - 2013-11-11 Darryl - KahuSecurity
Magnitude EK : Pop Pop ! - 2013-10-26