Recent Posts

91
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 31, 2015, 03:02:40 pm »
dridex downloads

botnet 120:

botnet 125:
www.geocult.it/54/78.exe
xianshabuchang.com/54/78.exe
92
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 27, 2015, 10:58:29 am »
dridex botnet 125 malware downloads

pi2dancz.cba.pl/ford/445.exe
w47e4q423.homepage.t-online.de/joshua/74.exe
boysclub.web.fc2.com/mono/11.exe
stream1.sexrura.pl/rtd/43.exe
93
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 26, 2015, 02:37:05 pm »
encrypted dyreza binaries for upatre to download

trapwot fake-av malware downloads (get params can change, use an IE user-agent)

liveoakresort.com/document.php?rnd=2211&id=9393939393
www.royalemanagement.com/document.php?rnd=2211&id=9393939393
carina-paris-hotel.com/document.php?rnd=2211&id=9393939393

94
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 26, 2015, 12:47:42 pm »
trapwot fakeav malware downloads

95
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 25, 2015, 09:23:48 pm »
first one is andromeda, the rest are associated malware downloaded by the andromeda bot. thx to matt mesa for tracking them down.

54.149.214.13/and40a311.exe  andromeda
155.133.18.45/107fjr3.exe  lethic
155.133.18.45/112fjr3.exe
155.133.18.45/109fjr3.exe
155.133.18.45/121fjr3.exe
155.133.18.45/240fjr3.exe
54.149.214.13/ng40a311.exe
54.149.214.13/bet40a311.exe  betabot
54.149.214.13/nut40a311.exe  nutrino
54.149.214.13/dqnewand40a311.exe
54.149.214.13/110040a311.exe
155.133.18.45/85fjr3.exe
155.133.18.45/12fjr3.exe
96
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 25, 2015, 12:28:31 pm »
dyreza downloads, encrypted binaries not .doc files:

dridex download:

madasi.homepage.t-online.de/dbcfg/32.exe
97
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 24, 2015, 11:15:51 pm »
trapwot fake-av malware download:

pitfaa.nidhog.com/document.php
ilarf.net/document.php
gurutravel.co.nz/document.php
www.lead.com.co/document.php

must use a windows user-agent and have get params like:

pitfaa.nidhog.com/document.php?rnd=9001&id=56565656656565
ilarf.net/document.php?rnd=9001&id=56565656656565
gurutravel.co.nz/document.php?rnd=9001&id=56565656656565
www.lead.com.co/document.php?rnd=9001&id=246924692469
98
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 24, 2015, 05:37:14 pm »
dyreza downloads, encrypted binaries not .doc files:

99
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 24, 2015, 02:58:19 pm »
hancitor download

91.194.254.215/us/file.exe
100
Malicious Domains / Re: daily something......
« Last post by techhelplist.com on March 24, 2015, 01:20:25 pm »
dyreza downloads, encrypted binaries not PNG files:


dridex downloads :

inesbrook.com/js/bin.exe
dogordie.de/js/bin.exe
wuppie.dyndns.org/js/bin.exe