Author Topic: New Zeus server (Read 386600 times)

jackberri · June 01, 2010, 03:09:13 pm

IP 193.105.207.103
AS50793
Registrant/Email Registrant: Thomas Alexandre/support@okrison.com

hxxp://okrison.com/ftp/net.binmd5sum ===> b1503e9aedca391c8112db3a0a4068a2
SHA256 ===> 5bc09232abac92325c32e46dd46a626966ae4dafb1ebb09a400ba5eb24d326b6

Code: [Select]

hxxp://okrison.com/ftp/net.exemd5sum ===> ff7c6371745e1e0a4a96cf505fbb4f6e
SHA256 ===> ef1ad4e76548711c4a57aaa301c821b20856f36be613e15d2cee3f5b4b87efeb
https://www.virustotal.com/es/analisis/ef1ad4e76548711c4a57aaa301c821b20856f36be613e15d2cee3f5b4b87efeb-1275404455
VT 5/41 (12.2%)

Code: [Select]

hxxp://okrison.com/ftp/gateway.php

jackberri · June 02, 2010, 11:06:44 pm

IP Location: United States - RR-RC-Enet-Columbus
IP 173.45.117.233
AS10297
[e9.75.2d.static.xlhost.com]
Email Registrant: contact@privacyprotect.org

Code: [Select]

www.tunisia-security.com/ze/cfg.binmd5sum ===> 9b5e0650379e654ac822cffe9ef0116c
SHA256 ===> db3ad0b3176c1af0eb9362dcecb8c81d9a23ec48a30ea1206ae969c54f3abe04

Code: [Select]

hxxp://www.tunisia-security.com/ze/bot.exemd5sum ===> b82cb305dd628068ce172611b8e8344d
SHA256 ===> 14bb262d9b75bf74041eb67a0e66e088616203828439ac4c901a77f25600a2a2
https://www.virustotal.com/es/analisis/14bb262d9b75bf74041eb67a0e66e088616203828439ac4c901a77f25600a2a2-1275518618
VT 31/41 (75.61%)

Code: [Select]

hxxp://www.tunisia-security.com/ze/gate.phprelated:

Code: [Select]

hxxp://shup.com/Shup/354526/ss.exemd5sum ===> f723c2afc93c7dfa541a681cefe77620
SHA256 ===> 987c752d5c7b3c8c1c65d73c9bb0c0b36d632030d8368953bb211517993407b2
https://www.virustotal.com/es/analisis/987c752d5c7b3c8c1c65d73c9bb0c0b36d632030d8368953bb211517993407b2-1275519118
VT 24/41 (58.54%)

Code: [Select]

hxxp://stashbox.org/915020/ss.exemd5sum ===> f723c2afc93c7dfa541a681cefe77620
SHA256 ===> 987c752d5c7b3c8c1c65d73c9bb0c0b36d632030d8368953bb211517993407b2

related:

Code: [Select]

hxxp://slh02.no-ip.biz:288/

jackberri · June 03, 2010, 05:22:16 pm

IP Location: Colombia - CAPITAL-TECHNOLOGY - Capital Technology Services Group
IP 200.115.112.222
AS21560
Registrant/Email Registrant: zhou hao/ujangoc@126.com

Code: [Select]

hxxp://parfaitpournous.com/botpanel/sell2.jpgmd5sum ===> 3f0b1aacfcc7c87d0faee8ae1f66bd86
SHA256 ===> e566c6df70baa6834ea1829a317c85c5a7fd455436be61cedb7621453bb5ea81

Code: [Select]

hxxp://parfaitpournous.com/botpanel/rofl.php

jackberri · June 04, 2010, 10:13:09 pm

IP Location: Canada - MTO Telecom inc. Proxy Route Object Gogax - MAINT AS21793 Maintainer for Tenino Telephone
IP 76.76.101.68
[reverse-mtl-76-76-101-68.gogax.com]
AS21793

Code: [Select]

hxxp://krakinderviksa.com/jkbtezj/lib.php

jackberri · June 05, 2010, 10:12:40 am

Code: [Select]

hxxp://lbook.org/~hjelp/cp6/bot.exemd5sum ===> b19342766c5cdb193c27cc44255a2473
SHA256 ===> 4dfc66ce2034acc9c0b7150674fac5442c00ff23d8e0e39344a7b3c5161182df
https://www.virustotal.com/es/analisis/4dfc66ce2034acc9c0b7150674fac5442c00ff23d8e0e39344a7b3c5161182df-1275731365
VT 7/41 (17.08%)

Code: [Select]

hxxp://lbook.org/gbot2.exemd5sum ===> e77aea12708fbfc35a95d021b8cc7557
SHA256 ===> b6f753c8f5554286709a7a892b42332e7d9424227e07ae3d7f6d9e219ed5b2ee
https://www.virustotal.com/es/analisis/b6f753c8f5554286709a7a892b42332e7d9424227e07ae3d7f6d9e219ed5b2ee-1275731514
VT 7/41 (17.08%)
related:

Code: [Select]

irc.priv8net.com
C&C Server: 85.12.60.100:51987

jackberri · June 05, 2010, 06:09:28 pm

IP 193.105.207.120
AS
Email Registrant: gavrilov81@mail.ru

Code: [Select]

hxxp://globus-trio.ru/catalog/catalog.binmd5sum ===> ab7d91b5d7c3b1389c17e173e841bf82
SHA256 ===> 90e823eeff6619a56cfe9fe0de60fe19fcb8231f7f046b69c874086d7dce6352

Code: [Select]

hxxp://globus-trio.ru/catalog/catalog.php

Code: [Select]

hxxp://globus-trio.ru/catalog/killaa10.exemd5sum ===> b50606acad2827222257d23efd48dccb
SHA256 ===> 5dabd03761a35a1534cce98a16576bc6c4e2f322af020d664313d95fe55019ec

Code: [Select]

hxxp://globus-trio.ru/catalog/kill10.exemd5sum ===> d668331822ae98a98ce1d74384d7cc0e
SHA256 ===> 306e86bbf62c9b56f7916b463d0f08f21cc907f4f7eabe7e040f41fc49d3c7f4

Code: [Select]

hxxp://globus-trio.ru/catalog/rapport10.exemd5sum ===> faa25caf05055777b4b71b8b0cc87f56
SHA256 ===> ee61a1cae09851bcbc870bedfcb317d18a8a1701563d1b374813018ae806b758

jackberri · June 06, 2010, 01:09:25 pm

IP Location: Ukraine - Datacentre "0x2a" Route object - net-0x2a-as Private Entrepreneur Zharkov Mukola Mukolayovuch Datacentre "0x2a"
IP 91.211.117.144
AS48587
Registrant ID:DI_10802959
Registrant/Email Registrant: Abdul/g4hosting@safe-mail.net

Code: [Select]

hxxp://installsalot.in/ca/helloworld.binmd5sum ===> af7fb4e2d2d315347f1cea6d8d6f1219
SHA256 ===> 694fa298df6948ee0b1ae5fe03c4435d273bb5e0ea7e1b61f6f1a6f3f33e9b71

Code: [Select]

hxxp://installsalot.in/ca/go.exemd5sum ===> f235b65866b00fb04f74652b27ae6675
SHA256 ===> 50c7df12acafeba04c83a51d23089c861b9498b407f82fce3cf2351f4b2d5579
https://www.virustotal.com/es/analisis/50c7df12acafeba04c83a51d23089c861b9498b407f82fce3cf2351f4b2d5579-1275829314
VT 33/40 (82.5%)

Code: [Select]

hxxp://installsalot.in/ca/index.php
--------
related zeusbotnet malware:
IP Location: United Kingdom - UK2.NET - UK2NET-AS UK-2 Ltd Autonomous System One
IP 109.123.78.51
[mercury.itx-dns.com]
AS13213
Protected Domain Services Customer ID: NCR-927080
Email Registrant: hostshack.net@protecteddomainservices.com

Code: [Select]

hxxp://hostshack.net/files/328997512/IC.exemd5sum ===> 12d8f64c8d1f21863316ebfcbcc7228b
SHA256 ===> 5f2f4b37e7002c41c29344ed3370c81adb8a3358d2927580708084f221fb4521
https://www.virustotal.com/es/analisis/5f2f4b37e7002c41c29344ed3370c81adb8a3358d2927580708084f221fb4521-1275819301
VT 14/41 (34.15%)

Code: [Select]

hxxp://hostshack.net/files/328997512/STL.exemd5sum ===> 4c38cf8a0dd52131996c03ee84498eee
SHA256 ===> bd95d8266a8c3afea3738e19bc8e32b58c90b50d230ac791f7fcc818c9cd3356
https://www.virustotal.com/es/analisis/bd95d8266a8c3afea3738e19bc8e32b58c90b50d230ac791f7fcc818c9cd3356-1275819456
VT 9/41 (21.96%)

Code: [Select]

hxxp://hostshack.net/files/328997512/E4U.exemd5sum ===> 8002a924799a9e720eeb70d7c487d796
SHA256 ===> 00994242a5d59111d76b66860d55588852f88ab1d84c0d4c20c8dd3ad4557f2d
https://www.virustotal.com/es/analisis/00994242a5d59111d76b66860d55588852f88ab1d84c0d4c20c8dd3ad4557f2d-1275819578
VT 11/41 (26.83%)

jackberri · June 08, 2010, 02:53:13 pm

IP 193.105.207.103
AS50793
Email Registrant: gavrilov81@mail.ru

Code: [Select]

hxxp://221212121.ru/forum/index1.lolmd5sum ===> 19ce8bcc8c07d182bfb101adbe82ab0b
SHA256 ===> edfb46110a717d3ebf03479f70f0904648fd4aba59222533652812b6808c530c

Code: [Select]

hxxp://221212121.ru/forum/login.php

jackberri · June 09, 2010, 07:54:45 am

IP Location: Turkey - DIMENOC-HOSTDIME .com
IP 66.7.198.88
[server2.dns-principal-2.com]
AS33182

Code: [Select]

hxxp://municipalidadlagoranco.cl/images/banners/samo.jpgmd5sum ===> 03b1f3392301ef4fdf9c88827a047396
SHA256 ===> 30f908fd22051faf803bf27cf7cf29e1b6703f4c9ad0d65cdadfc1cbb69aefca
https://www.virustotal.com/es/analisis/30f908fd22051faf803bf27cf7cf29e1b6703f4c9ad0d65cdadfc1cbb69aefca-1276068710
VT 8/41 (19.52%)
related:
IP Location: Spain - AS_ARSYS-EURO-1 arsys.es
IP 217.76.130.89
[llgf010.servidoresdns.net]
AS20718

Code: [Select]

hxxp://cooperaccio.org/img/flash.binmd5sum ===> 65a6fa54069aa0f59a7516f2c8d1d606
SHA256 ===> 7db8b3fdfae981967616c0606071036fb669ea32f51214099d2da89a53a59724

jackberri · June 09, 2010, 09:18:04 am

IP Location: Spain - IPEOPLE Internet People SL
IP 89.207.232.14
[mercurio.dominiodns.com]
AS41287
ID: 280A-MIG1
Registrant/Email Registrant:Gualda Sancho/info@gualda.com

Code: [Select]

hxxp://caseva.es/images/totalimg.jpgmd5sum ===> 19ec9cb54270f53e6c978f11d3601e0e
SHA256 ===> 4eb8e6b76b30f2b5a9ba33d68ab2af319e622f6701c53db3310e3a84b9fe6f20
https://www.virustotal.com/es/analisis/4eb8e6b76b30f2b5a9ba33d68ab2af319e622f6701c53db3310e3a84b9fe6f20-1276070927
VT 5/40 (12.5%)
related:

Code: [Select]

hxxp://loteriahadamadrina.com/imagenes/flash.binmd5sum ===> 9cb237d199338e6bced4c60aca23b9b7
SHA256 ===> 56d44f79706b1ff119e3e1aa66288766347445fd44b9a2e00536d03879d2a031

IP Location: United States - COGENT /PSI
IP 149.6.80.14
[ipeople.demarc.cogentco.com]
AS174
Registrant/Email Registrant:Computer Wealthy, S.L/info@computerwealthy.com

Code: [Select]

hxxp://barriolamc.com/inc/flash.binmd5sum ===> 6861de5ddcf743c0c5820470e32149ca
SHA256 ===> e0429d55f4806d428a07e7a327d900adf5b50e9390e4c18b73adc33f171729ae
related:

Code: [Select]

hxxp://municipalidadlagoranco.cl/images/banners/cocaine.jpgmd5sum ===> 9674c2aea6d7e82c997b154eb83021dd
SHA256 ===> ce3391025337d85772e57230ea5fca32c8617303349f5a415204692e5917ceab
https://www.virustotal.com/es/analisis/ce3391025337d85772e57230ea5fca32c8617303349f5a415204692e5917ceab-1276073006
VT 6/41 (14.63%)

IP Location: France - AMEN Network
IP 62.193.209.39
[vds-873329.amen-pro.com]
AS28677
Registrant/Email Registrant: Computer Wealthy, S.L/info@computerwealthy.com

Code: [Select]

hxxp://campinglavall.net/img/packmen.jpgmd5sum ===> ed3e9c0a003b472a031d9342fd52f6d4
SHA256 ===> c42c3545e3c9ad7731a9180348c09fbb6053e458509f7bc5e08fe9853848dbe2
https://www.virustotal.com/es/analisis/c42c3545e3c9ad7731a9180348c09fbb6053e458509f7bc5e08fe9853848dbe2-1276074024
VT 5/41 (12.2%)
related:
IP Location: France - OVH ISP
IP 91.121.152.148
[host.computerwealthy.es]
AS16276
Registrant/Email Registrant:Plana Rovira S.L/nurimaso@nusvirtual.com

Code: [Select]

hxxp://llessui.com/imagenes/flash.binmd5sum ===> 190a49722b860a2a2ac58e091370975f
SHA256 ===> 3a14a12ff939e92422f54f4816545d1519dd4015ef2dc70c9682da549396e7f5

jackberri · June 09, 2010, 10:59:40 am

IP Location: Germany - STRATO AG
IP 81.169.145.148
[w94.rzone.de]
AS6724
Registrant/Email Registrant: Jose Manuel Reguera Silva/josemareguera@hotmail.com

Code: [Select]

hxxp://tributem.com/latbuena_11.jpgmd5sum ===> 9b80f59cc69f9e3a14bafc115b03a42a
SHA256 ===> 9ccb47a82f547ef4090a389f18893e1c0269962d88bd5a720ec975180d768b36
https://www.virustotal.com/es/analisis/9ccb47a82f547ef4090a389f18893e1c0269962d88bd5a720ec975180d768b36-1276080902
VT 6/41 (14.64%)

Code: [Select]

hxxp://tributem.com/latbuena_15.jpgmd5sum ===> 8eb894367b499f4d1664725b1223d6d6
SHA256 ===> 1f84a48a78c265d13158a262e396bc16f412800db496f030b49936fb3a64344a
https://www.virustotal.com/es/analisis/1f84a48a78c265d13158a262e396bc16f412800db496f030b49936fb3a64344a-1276080989
VT 6/41 (14.64%)
related:

Code: [Select]

hxxp://barriolamc.com/inc/flash.bin

jackberri · June 09, 2010, 10:56:59 pm

IP Location: Chile - CL-ECSA-LACNIC ENTEL CHILE S.A
IP 200.72.1.94
[winweb.entelchile.net]
AS6471
Registrant: Alejandro Chanes Luksic

Code: [Select]

hxxp://www.alcamarsaci.cl/images/jmm.jpgmd5sum ===> 285c71451e1d43a1170c74ec0bc21e50
SHA256 ===> 5a702af4d660b82dafb75fc2aa00f827d96e138fe450823ecf4e1650e881887e
https://www.virustotal.com/es/analisis/5a702af4d660b82dafb75fc2aa00f827d96e138fe450823ecf4e1650e881887e-1276123578
VT 7/41 (17.08%)
related:

Code: [Select]

hxxp://serraniasuroeste.org/images/flash.binmd5sum ===> f025524b0647f4e90271efc066613113
SHA256 ===> 25443550e4254dffd75c50d98f3652d1b09c5e757e91f941a48ee1896df5de67

jackberri · June 10, 2010, 07:02:53 am

IP Location: France - PROXAD Free SAS
IP 88.191.14.154
[sd-1622.dedibox.fr]
AS12322
Registrant/Email Registrant: Antoine Porter/wcqewkxc95@gmail.com

Code: [Select]

hxxp://geroinanety.net/estatwebstat/webstat.phpdropzone for:

Code: [Select]

serraniasuroeste.org/images/flash.bin
llessui.com/imagenes/flash.bin
loteriahadamadrina.com/imagenes/flash.bin
barriolamc.com/inc/flash.bin
cooperaccio.org/img/flash.bin

IP Location: United Kingdom - FASTHOSTS-INTERNET Fasthosts Internet Ltd
IP 213.171.218.7
[server213-171-218-7.livedns.org.uk]
AS15418
Registrant/Email Registrant: valle Romano Sur Roger Allwood/rallwood@ari.es

Code: [Select]

hxxp://comunidadvalleromanosur.com/Images/vallewe.jpgmd5sum ===> 8e7ee4bda3daeeaecf6d3844690a8ca5
SHA256 ===> 9954f2b15851b2913164f95c10afde6492e37eae57d1841b8190cc8ff869c2c3
https://www.virustotal.com/es/analisis/9954f2b15851b2913164f95c10afde6492e37eae57d1841b8190cc8ff869c2c3-1276152243
VT 6/41 (14.64%)
related:

Code: [Select]

hxxp://cooperaccio.org/images/flash.bin

jackberri · June 10, 2010, 04:58:46 pm

IP Location: Germany - HETZNER-RZ-NBG-BLK5 - HETZNER-AS Hetzner Online AG RZ
IP 78.46.39.103
[static.103.39.46.78.clients.your-server.de]
AS24940
Email Registrant: genkonrkarl11@gmail.com

Code: [Select]

hxxp://blakoneyrenr.ru/temp/re/cofag56.binmd5sum ===> aaa0d202eff52741b68645848a6e1dba
SHA256 ===> a7c9637f3c59a82eac6bd1b918baad19d9006e98a02bfa81062e578c594c777a

Code: [Select]

hxxp://blakoneyrenr.ru/temp/re/gates5.phpTDSS:

Code: [Select]

hxxp://blakoneyrenr.ru/1276003925.exemd5sum ===> 72c4bfd94032b71009e84cc9a376f9a3
SHA256 ===> 513f5d10d3f4ffb2622b4cbb52ace2825da72c383b36287b040da52b7a27f01e
https://www.virustotal.com/es/analisis/513f5d10d3f4ffb2622b4cbb52ace2825da72c383b36287b040da52b7a27f01e-1276187891
VT 27/41 (65.86%)

jackberri · June 10, 2010, 07:19:16 pm

IP 195.206.246.209
AS31252

Code: [Select]

hxxp://www.inhaber-moack.com/rsyvsdg/cfg.binmd5sum ===> 41659d924748fe0def088f51313b0435
SHA256 ===> 9f0842aee67090b00dc9e2d4cc9f1a09de7c53c45405524576787d297bdc1fad

Code: [Select]

hxxp://www.inhaber-moack.com/rsyvsdg/gate745736.php

Author Topic: New Zeus server (Read 386600 times)

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server