Author Topic: Trojan Ransom  (Read 97622 times)


February 11, 2013, 01:06:22 pm
Reply #270

EP_X0FF

hxxp://capitfoska.ru/

payload located at hxxp://mudoman.ru/codfullhdxavi.exe

Use http://capitfoska.ru as referer to access the download.

GET /codfullhdxavi.exe HTTP/1.1
Host: mudoman.ru
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
Referer: http://capitfoska.ru/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3

HTTP/1.1 200 OK
Server: nginx/1.2.6
Date: Mon, 11 Feb 2013 13:03:18 GMT
Content-Type: application/x-msdos-program
Content-Length: 1742695
Connection: keep-alive
Last-Modified: Mon, 11 Feb 2013 07:10:04 GMT
ETag: "38c0fe3-1a9767-4d56d991feb00"
Accept-Ranges: bytes
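Added example (not from the thread or its posters): a small Python script that takes a captured request/response pair like the one pasted above, pulls the indicators a responder would record (defanged download URL, gating referer, content type, size, ETag, server banner) and flags the pattern the post describes, a browser-style request answered with a Windows executable only when it carries a Referer from a different host. The exchange embedded as input is a copy of the one in the post; the set of executable MIME types and the field names are this example's own choices.

```python
"""Pull indicators out of a captured HTTP request/response pair.

Added example, not code from the thread. Input is a raw request head, a blank
line, then the response head, exactly as a proxy or pcap dump would show it.
"""
import re
from urllib.parse import urlsplit

# Copy of the exchange posted above, used here as offline test input.
SAMPLE_EXCHANGE = """\
GET /codfullhdxavi.exe HTTP/1.1
Host: mudoman.ru
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
Referer: http://capitfoska.ru/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3

HTTP/1.1 200 OK
Server: nginx/1.2.6
Date: Mon, 11 Feb 2013 13:03:18 GMT
Content-Type: application/x-msdos-program
Content-Length: 1742695
Connection: keep-alive
Last-Modified: Mon, 11 Feb 2013 07:10:04 GMT
ETag: "38c0fe3-1a9767-4d56d991feb00"
Accept-Ranges: bytes
"""

# MIME types commonly used for Windows executables (this example's own list).
EXECUTABLE_TYPES = {
    "application/x-msdos-program",
    "application/x-msdownload",
    "application/octet-stream",
}


def parse_headers(block: str) -> tuple[str, dict]:
    """Split one HTTP message head into its start line and a lower-cased header dict."""
    lines = [ln for ln in block.strip().splitlines() if ln.strip()]
    start = lines[0]
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers


def defang(url: str) -> str:
    """Make a URL safe to paste into a report: http -> hxxp, dots in the host -> [.]."""
    parts = urlsplit(url)
    host = parts.netloc.replace(".", "[.]")
    scheme = parts.scheme.replace("http", "hxxp")
    return f"{scheme}://{host}{parts.path}"


def extract_indicators(exchange: str) -> dict:
    """Return recorded indicators plus a verdict on the referer-gated .exe pattern."""
    req_block, resp_block = re.split(r"\n\s*\n", exchange.strip(), maxsplit=1)
    req_line, req_h = parse_headers(req_block)
    resp_line, resp_h = parse_headers(resp_block)

    _method, path, _version = req_line.split()
    host = req_h.get("host", "")
    url = f"http://{host}{path}"
    referer = req_h.get("referer", "")
    referer_host = urlsplit(referer).hostname or ""
    ctype = resp_h.get("content-type", "").split(";")[0].strip().lower()
    status = int(resp_line.split()[1])

    # The alertable combination: a request that looks like a browser asking for
    # HTML, a 200 answer that is a Windows executable, and a Referer pointing at
    # a different host than the one serving the file.
    browser_like = "text/html" in req_h.get("accept", "")
    executable = ctype in EXECUTABLE_TYPES or path.lower().endswith(".exe")
    cross_site_referer = bool(referer_host) and referer_host != host
    suspicious = status == 200 and browser_like and executable and cross_site_referer

    return {
        "url": defang(url),
        "referer": defang(referer) if referer else "",
        "content_type": ctype,
        "content_length": int(resp_h.get("content-length", "0")),
        "etag": resp_h.get("etag", ""),
        "server": resp_h.get("server", ""),
        "cross_site_referer": cross_site_referer,
        "suspicious_exe_download": suspicious,
    }


if __name__ == "__main__":
    for key, value in extract_indicators(SAMPLE_EXCHANGE).items():
        print(f"{key:24} {value}")
```

The ETag and Content-Length are worth keeping alongside the URL: when the same file is re-served under a new path, those two values often survive the move and let you tie the samples together without touching the host again.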

April 30, 2013, 12:10:50 pm
Reply #271

EP_X0FF

hxxp://df.pizdafyqib.ru/administrator/weather.php?browse=151
Sweet Orange EK, payload trojan ransom.

http://wepawet.iseclab.org/view.php?hash=81bf0f995a58bb166945671fc638681a&t=1367323769&type=js

May 02, 2013, 05:51:32 pm
Reply #272

EP_X0FF

Sweet Orange EK, serving trojan ransom as payload.
hxxp://wsd.nuwazy.ru/sites/oplata/codestariff/themes.php?strategy=154

http://wepawet.iseclab.org/view.php?hash=ac261ed869a63d3224d021f64ce04757&t=1367516936&type=js

May 03, 2013, 05:52:05 pm
Reply #273

EP_X0FF

Sweet Orange EK, payload trojan ransom.
hxxp://za.omovigminet.ru/bugs/books/partner/themes.php?strategy=156
http://wepawet.iseclab.org/view.php?hash=59e133adcb8a8d34197cbc4f789e5549&t=1367603453&type=js

April 04, 2016, 12:39:03 pm
Reply #274

Gnomo

www.moorelegacygroup.com/ZNru8f.exe

Ransom Locky loaded by email malware.

Site owner has been contacted on 3/29/16, no answer yet; link is active.

Regards