Author Topic: New files for Zeus servers  (Read 55123 times)

0 Members and 1 Guest are viewing this topic.

November 09, 2011, 03:41:58 pm
Reply #315

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
IP Location: Russian Federation  - ANDERS-AS
IP 87.251.154.13
[t41.e61.su]
AS39792
Name Server: DNS01.GPN.REGISTER.COM | DNS02.GPN.REGISTER.COM | DNS03.GPN.REGISTER.COM | DNS04.GPN.REGISTER.COM | DNS05.GPN.REGISTER.COM
Registrant/Email Registrant: alva gregory /livemeee@gmail.com
hxxp://torscandpower.com/salvador1conf/settings.bin             md5sum ===> 6c8b645a1ef7440f7d0de508e2431e71
hxxp://torscandpower.com/memo1conf/settings.bin                 md5sum ===> 70fe2b44f369e736db3636f3358d9ca8
hxxp://torscandpower.com/salvador1conf/redir.php
hxxp://torscandpower.com/memo1conf/redir.php
hxxp://torscandpower.com/salvador1conf/config.php
hxxp://torscandpower.com/memo1conf/config.php

November 09, 2011, 06:26:45 pm
Reply #316

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
New md5sum

Code: [Select]
hxxp://softmarket-drom.ru/adminochka/serv/forum/incom/winxpsp_ver209221.msi           md5sum ===> a487d677e9a24bdbcd0a392695593060
hxxp://softmarket-drom.ru/adminochka/serv/forum/incom/winxpsp_ver209221.exe           md5sum ===> a63a197f3b3e3133a3405fdf48f49851
http://www.virustotal.com/file-scan/report.html?id=cadba6d9f9375a5cfe939497b70f760c96254a10e661a858f0eb5889635fa85c-1320862350
VT 14/42 (33.3%)

November 15, 2011, 04:06:37 pm
Reply #317

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://softmarkets.ru/adminochka/adm2/forum/incom/winxpsp_KB2313165.msi         md5sum ===> a0c1b56d13218b77d53ef89b80f2dd6c
hxxp://softmarkets.ru/adminochka/adm2/forum/incom/winxpsp_KB2313165.exe         md5sum ===> bfa4f706bff49e6c3c04e714106bcdb0
hxxp://softmarkets.ru/adminochka/adm2/message.php
http://www.virustotal.com/file-scan/report.html?id=1c3048ce4f9b1030fdfd3a1a5d9bae4c96164bc5cf38dbe497689b9aaa74e416-1321372357
VT 19/41 (46.3%)


Code: [Select]
hxxp://87.251.154.13/spring1conf/redir.php

November 18, 2011, 03:33:11 pm
Reply #318

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP Location: Ukraine - Infium Ltd
[ip-188-190-98-111.hosted-in.infiumhost.com]
IP 188.190.98.111
AS197145
Name Server: NS73.DOMAINCONTROL.COM | NS74.DOMAINCONTROL.COM
Registrant/Email Registrant: Mark Levi/yeseniaeri8889@yahoo.com
Registrant/Email Registrant: Iren Lostwin/quyyyaziz@yahoo.com
Code: [Select]
hxxp://kdjs982fjkdsfk.info/1515/a/ex         md5sum ===> cb1cd659e77d3b21b26cca0b12056922
hxxp://askds98ifdsfsd.info/1515/a/ex         md5sum ===> cb1cd659e77d3b21b26cca0b12056922
hxxp://188.190.98.111/1515/a/ex              md5sum ===> cb1cd659e77d3b21b26cca0b12056922
hxxp://188.190.98.112/1515/a/ex              md5sum ===> cb1cd659e77d3b21b26cca0b12056922
hxxp://kdjs982fjkdsfk.info/1515/a/rock.php
hxxp://askds98ifdsfsd.info/1515/a/rock.php
hxxp://188.190.98.111/1515/a/rock.php
hxxp://188.190.98.112/1515/a/rock.php
http://www.virustotal.com/file-scan/report.html?id=5154fad05fd65221d61106f205ada7ce985443506b945fb42d899344420eb1af-1321628218
VT 21/41 (51.2%)
Code: [Select]
hxxp://188.190.98.112/index.php

November 21, 2011, 03:37:02 pm
Reply #319

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://adslayer.net/basket/cart.php

November 21, 2011, 09:35:24 pm
Reply #320

Xylitol

  • Special Members
  • Jr. Member

  • Offline
  • *

  • 24
Code: [Select]
hxxp://ecommerceone.ru/zzz/Zeus C&C edited but it's Zeus

November 22, 2011, 06:20:18 pm
Reply #321

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://ecommerceone.ru/control/config.php
Code: [Select]
hxxp://bestsoftics.ru/adminos/sneg/news/incom/config.php

December 02, 2011, 07:05:56 pm
Reply #322

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://cakerecipes.ru/yy.exe     md5sum ===> fe0c71d4351988b5f29d29c9378fe976http://www.virustotal.com/file-scan/report.html?id=8350cec95986a7edf1c2bdfb431050b9bd6f532760ed9ca22dd64a758a92b750-1322851565
VT 34/43 (79.1%)

Code: [Select]
hxxp://buyakabuyaka.kiev.ua/job2/cfg.bin      md5sum ===> ba31abaed93827f31c3339b353be98bc

September 04, 2012, 12:17:31 am
Reply #323

harry.tuttle

  • Newbie

  • Offline
  • *

  • 4
hxxp://lewer.sk/plugins/search/cp.exe
MD5:    F86C59258413416E3853ACC9CDA5BBCA