Date: 08/18/2025
Severity: High
Summary
Dodi Repacks is a site known for distributing pirated games. It has a reputation for being safe or trustworthy on several piracy forums, where users frequently claim that using an adblocker like uBlock Origin ensures a secure experience. To test this assertion, a team attempted to download a game crack from the site with uBlock Origin enabled in the browser. The adblocker stayed active throughout the process, and the result disproved the common belief circulated on piracy forums that "you're safe when downloading pirated content as long as you use an adblocker."
Indicators of Compromise (IOC) List
Domains\URLs: | directsnap.click readyf1.lol weeklyuploads.click |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Domains\URLs: | domainname like "weeklyuploads.click" or url like "weeklyuploads.click" or siteurl like "weeklyuploads.click" or domainname like "readyf1.lol" or url like "readyf1.lol" or siteurl like "readyf1.lol" or domainname like "directsnap.click" or url like "directsnap.click" or siteurl like "directsnap.click" |
Hash : | sha256hash IN ("0D24D4E72B7B22017C6FDE7B1A2DC1A1E1AD63B97B5811DC02C221AA68D9D00C","E575A3A2FBF1916D3AFB0A1ABFD8479C02B5B677550883F9A5D0E22EE738030A","04677C4C70D9F61F011B0AC744F2DC5353AC0D1B4AA5D9EC37A291968D2A0B79","EECDEA0F63F4E54D8EFB542700F37DA98865C0735D66D8ECF7E5E81AA64CFF20","5649F7535E388572096DDDCF3C50A66C51D189F31DC7769470E9A78C5B2EC34C","8EF22B49AF1D7E67657BCFAC9D02DD1BFCC1D3AE20D1BBCB1A60C99D023D18D5")
|
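A host-level variant of the domain query above, as an added example (not Gurucul's or the advisory's own code): it parses the hostname out of each field and matches an IOC domain or any of its subdomains, so a look-alike name or an IOC string that only appears in a query parameter is not flagged. Only the field names and the three domains come from the page; the record layout and the sample records are constructed.

```python
from urllib.parse import urlsplit

# Domains from the advisory's IOC list.
IOC_DOMAINS = {"directsnap.click", "readyf1.lol", "weeklyuploads.click"}
# Field names taken from the TDIR query; the dict-per-event layout is an assumption.
FIELDS = ("domainname", "url", "siteurl")


def extract_host(value):
    """Return the lowercase hostname from a bare domain or an http(s) URL."""
    value = (value or "").strip().lower()
    # urlsplit only fills .hostname when a scheme or leading '//' is present.
    if not value.startswith(("http://", "https://", "//")):
        value = "//" + value
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # malformed value, e.g. a broken IPv6 literal
        return ""
    return host.rstrip(".")  # drop the trailing dot of a fully qualified name


def matched_ioc(host):
    """Return the IOC domain that host equals or is a subdomain of, else None."""
    for ioc in IOC_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def scan(records):
    """Return (record index, field, IOC domain) for every matching field."""
    hits = []
    for i, rec in enumerate(records):
        for field in FIELDS:
            ioc = matched_ioc(extract_host(rec.get(field)))
            if ioc:
                hits.append((i, field, ioc))
    return hits


# Constructed sample records (not taken from real telemetry).
SAMPLE = [
    {"domainname": "cdn.WeeklyUploads.click."},        # subdomain, mixed case, FQDN dot
    {"url": "https://readyf1.lol:8443/get?id=1"},      # explicit port
    {"siteurl": "directsnap.click/landing"},           # no scheme
    {"url": "https://example.com/?ref=readyf1.lol"},   # IOC only in query string
    {"domainname": "notdirectsnap.click"},             # look-alike, different domain
]
```

Calling `scan(SAMPLE)` returns hits for the first three records only.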
Reference:
https://www.trellix.com/blogs/research/analysis-of-hijackloader-and-its-infection-chain/