Author Topic: New Zeus server?  (Read 11654 times)

March 08, 2010, 02:49:38 pm
Reply #15

jackberri (Special Members, Hero Member)

Code:
hxxp://podmena.us/new/k.php
IP 69.65.40.26
[cp05.buyhttp.com]
AS32181

March 08, 2010, 03:20:08 pm
Reply #16

SysAdMini (Administrator, Hero Member)

Quote from jackberri:
Code:
hxxp://podmena.us/new/k.php
IP 69.65.40.26
[cp05.buyhttp.com]
AS32181

I'm not sure, but I don't think it is Zeus related.

http://answers.yahoo.com/question/index?qid=20100304163238AAd229o

While searching for it, I came across other malware from this domain.
Code:
podmena.us/1100_0005.exe
Ruining the bad guy's day

March 17, 2010, 07:24:26 am
Reply #17

jackberri (Special Members, Hero Member)

Code:
hxxp://cruelintentionsserv.com/gate.php

March 19, 2010, 10:56:10 am
Reply #18

jackberri (Special Members, Hero Member)

IP 188.124.16.51
[static.vit.com.tr]
AS44565

dropzone:
Code:
hxxp://leedsconsult.net/aaaa/gt.php

related malware
Code:
hxxp://leedsconsult.net/src/pussy.exe
md5sum ===> 063cd9bae532acf1860a47816fd37c65
SHA256 ===> 51103edfe29efd9ac74b09077e19316c0f6e246b347575883ea0c5dd14da08ec
http://www.virustotal.com/analisis/51103edfe29efd9ac74b09077e19316c0f6e246b347575883ea0c5dd14da08ec-1268994649
VT 1/42 (2.38%)

Code:
hxxp://leedsconsult.net/src/brwsys.exe
md5sum ===> d1fa86855c027d5a14c9955684aae676
SHA256 ===> c799d7953568dda714a8c585bdacd1949f985fb6cbbdeb73e2b6be21f8290feb
http://www.virustotal.com/analisis/c799d7953568dda714a8c585bdacd1949f985fb6cbbdeb73e2b6be21f8290feb-1268995447
VT 3/42 (7.15%)

March 21, 2010, 10:59:04 am
Reply #19

jackberri (Special Members, Hero Member)

IP 91.212.132.76
AS49091
Code:
hxxp://translatespanish.ru/adminks8kls/getinfo.php

March 21, 2010, 11:27:06 am
Reply #20

SysAdMini (Administrator, Hero Member)

Quote from jackberri:
IP 91.212.132.76
AS49091
Code:
hxxp://translatespanish.ru/adminks8kls/getinfo.php

Probably Zeus.

There is another Zeus domain on the same host (freewhois.ru), same registrant. The drop zone URL contains getinfo.php too.
Ruining the bad guy's day

March 23, 2010, 07:30:57 am
Reply #21

jackberri (Special Members, Hero Member)

Probably Zeus:

IP 119.255.23.54
AS4837
Code:
hxxp://ogagarin.com/x29/go/nahiu_etot_tracker.php

April 01, 2010, 07:54:01 am
Reply #22

jackberri (Special Members, Hero Member)

Probably Zeus:

Code:
http://spiritnum.com/sokol/gate.php

Code:
hxxp://hard2luck.in/lx_auto_feedback_9823.php

related:
Code:
hxxp://garant.ivano-frankivsk.ua/rrr.exe
md5sum ===> 918dcb47b2c79da5316e956e785e3940
SHA256 ===> 2b4b4d660b36c392389280d73e8e89a2e7d4491ca9dbf885174f2e077eb6beb7
http://www.virustotal.com/es/analisis/2b4b4d660b36c392389280d73e8e89a2e7d4491ca9dbf885174f2e077eb6beb7-1270107539
VT 0/42 (0%)

May 24, 2010, 09:13:24 am
Reply #23

jackberri (Special Members, Hero Member)

IP Location: China - TCHINANET-BJ-METRO BeijingTelecom
IP 121.101.216.210
AS4847
Registrant/Email Registrant: Peter Pitkin/pparkst@yahoo.com
Code:
hxxp://bewartokken.com/blog/SetNewPost.php