Author Topic: New Zeus server  (Read 379293 times)

March 05, 2010, 03:40:59 pm
Reply #180

jackberri

IP 122.115.63.37
Code:
hxxp://infoleaderus.biz/limo/laser.jpg
md5sum ===> 8a2e35edb14112daa49edf9b4667b083

Code:
hxxp://infoleaderus.biz/sun/gate.php

March 05, 2010, 04:08:38 pm
Reply #181

jackberri

IP 64.20.52.218
AS19318
Code:
hxxp://adobeserverupdate.com/ezik.bin
md5sum ===> 51d4c4da73ce077d804125e857dae3b7
Code:
hxxp://adobeserverupdate.com/gate.php

March 05, 2010, 08:51:32 pm
Reply #182

jackberri

Code:
hxxp://193.105.0.85/scratkey.bin
md5sum ===> 60916d47a1eedc0247f782031f65176b
Code:
hxxp://193.105.0.85/uj65vrev.exe
md5sum ===> 7b9a3a18e5121f7dde5788579ad556f6
http://www.virustotal.com/analisis/b7170ce7d3db821b2357856ce9065b8c12cbd8499ba03740e54ac10ac9b85c7a-1267820598
VT 4/42 (9.53%)
Code:
hxxp://193.105.0.85/dfh7445.php
related Zeus botnet malware:
Code:
hxxp://nordrilskre.com/load/admin/hide.dll
md5sum ===> 2836143fa4e0beac924cbd8d9d3b45c8
http://www.virustotal.com/analisis/45323760a5fa21563e7e4e27f7f2dc70e9d32dd78a7fa65f468f39782e9ab72b-1267377503

March 06, 2010, 10:12:27 am
Reply #183

jackberri

IP 193.104.22.100
AS34305
Code:
hxxp://greatuk.org/tt/cfg/config.bin
md5sum ===> 94565b2861dc00a618f6873456ed93a6

Code:
hxxp://122.115.63.32/gus/td
md5sum ===> e3a9dc41bb2b64d8c48ecb88f230977c
Code:
hxxp://122.115.63.32/gus/windir.exe
md5sum ===> baa03d5745db4206853835251b842b6f
http://www.virustotal.com/analisis/dd7462d75a02994b50bdf01516e0e404b997b54b275ded2b0e4bf1a5f8633972-1267865829
VT 8/42 (19.05%)
Code:
hxxp://122.115.63.32/gus/td.php
new file:
Code:
hxxp://abouttraffic.net/news/dim.exe
md5sum ===> 446584f46022015f78682ac52e35465f
http://www.virustotal.com/analisis/58843c8a672c5b4b2d971bf23fca227a09750ccd21a52fac43013a5b7c160dd4-1267808447
VT 10/42 (23.81%)

March 06, 2010, 12:48:25 pm
Reply #184

jackberri

IP 195.78.108.152
AS49544
Code:
hxxp://mycoldcoffe.com/nestle/upa.bin
md5sum ===> 037f4bd378dddb8573bad95be0783f8c
Code:
hxxp://mycoldcoffe.com/nestle/gate.php
IP 124.217.239.158
Code:
hxxp://nordrilskre.com/cgi-binn/kisme.bin
md5sum ===> 03d93cd363c3d22e6c18de8e37f3c81e

Code:
hxxp://188.72.220.181/plizwork/config.bin
md5sum ===> f6fe59c76d14c1066b55f23987fb539f
Code:
hxxp://188.72.220.181/plizwork/bot.exe
md5sum ===> c3f8bb9aa872ccbdd78d3bf401ecf5da
http://www.virustotal.com/analisis/f23ed6b80b3578281ffb27f130b6c3c9cfa88a6e7cf257872c2a7399a18b1d3d-1267879180
VT 8/42 (19.05%)
Code:
hxxp://188.72.220.181/plizwork/gate.php

March 06, 2010, 07:51:00 pm
Reply #185

jackberri

IP 188.124.15.243
[static.vit.com.tr]
AS44565
Code:
hxxp://www.youphotolab.info/trash/trash1.bin
md5sum ===> 76b5beed40cf2d30b0eca28eb24b993e
Code:
hxxp://www.skyloudonville.info/ifimages/index.php

March 07, 2010, 11:53:35 am
Reply #186

jackberri

Code:
hxxp://193.105.0.23/gairichi.bin
md5sum ===> 3c36ebfc768b082996dcae6afb0581a7
Code:
hxxp://193.105.0.23/juytrert5h6.php
Code:
hxxp://193.105.0.202/sandyx.bin
md5sum ===> 7d1346aeb88d2a93c808ae21465f2b7b
Code:
hxxp://193.105.0.202/ryjhtr78u.exe
md5sum ===> af25d921b606b46aeb375144208ee066
http://www.virustotal.com/analisis/1c180b998f41ce1399863a9ad8c9c0d706b05aef5f6fa0282a310e11629672e4-1267950856
VT 6/41 (14.64%)
Code:
hxxp://193.105.0.202/23iuyt.php
Code:
hxxp://193.105.0.96/olimp.bin
md5sum ===> 1d8dfcc093f512382724d295cd9f8cfc

related Zeus botnet malware:
Code:
hxxp://92.60.177.232/crypt_Rapport.exe
md5sum ===> 4f397096bc95cec975947e91fc2e2ef2
http://www.virustotal.com/analisis/5aac61a3511dcf80ae177927548b1f5e3f005aa47dc23b5d6d2832886eac3335-1267918468
VT 3/42 (7.15%)

March 07, 2010, 07:09:22 pm
Reply #187

jackberri

Code:
hxxp://193.105.0.101/kaspers.bin
md5sum ===> f091b83f62927b3c8d7ff06ecf2e914c
Code:
hxxp://193.105.0.101/hgbvfe5yju.exe
md5sum ===> 3bbe5b9ee778d17fe25d7fc85293216f
http://www.virustotal.com/analisis/9ec8b3519ac4a03f133d8021225f56986dd2659c184f1c02e0d71578ff235ebb-1267943762
VT 8/42 (19.05%)

IP 203.174.83.98
[203-174-83-98.rev.ne.com.sg]
AS38001
Code:
hxxp://www.iiiiiiiiiiiiii.net/games/update.set
md5sum ===> 41c0f4d0735f8623d994fa33c7c2cfae
Code:
hxxp://www.iiiiiiiiiiiiii.net//games/update.php

March 08, 2010, 09:32:43 am
Reply #188

jackberri

Code:
hxxp://papindos.info/checkVersions/database.dat
md5sum ===> c84a2112ca3db910ae564fb72ab6a56c
Code:
hxxp://papindos.info/expertAds/FileMirror.php
Code:
hxxp://bestreportwas142.in/urrla/c1.bin
md5sum ===> 458653cbc1397e2cc3e956a8ab1c6a31
Code:
hxxp://bestreportwas142.in/urrla/hey.php
Code:
hxxp://193.105.0.211/royalkingston.bin
md5sum ===> 89371942d46b432bd036adb305b58806

new file:

Code:
hxxp://usworldcast.com/100/cfg33.bin
md5sum ===> 38be87eacdff9368103cd8574fc8767d

March 08, 2010, 06:38:31 pm
Reply #189

jackberri

IP 66.40.52.157
AS11388
Code:
hxxp://safi-vip.100webspace.net/cfg.bin
md5sum ===> 7a487006cf265dc8062f6eed3d62dc25
Code:
hxxp://safi-vip.100webspace.net/gate.php

March 09, 2010, 07:57:27 am
Reply #190

jackberri

Code:
hxxp://193.105.0.71/allovu.bin
md5sum ===> 87db2da845ab0296a2d4fcb87ed9fe2a
Code:
hxxp://193.105.0.71/j65g5hh7.php
IP 94.228.220.66
AS47869
Code:
hxxp://777brabus777.com/fu/loc.so
md5sum ===> 25c4c8249add34718cb87ed78f98581c
Code:
hxxp://777brabus777.com/tmp/404_ca.php

March 09, 2010, 11:02:11 am
Reply #191

jackberri

IP 94.228.220.66
AS47869
Code:
hxxp://777brabus777.com/fu/loc.so
md5sum ===> 25c4c8249add34718cb87ed78f98581c
Code:
hxxp://777brabus777.com/tmp/404_ca.php

Also:

[grusha-92-60-177-249.hostinghutor.com]
AS15772
Code:
hxxp://92.60.177.249/fu/loc.so
md5sum ===> 25c4c8249add34718cb87ed78f98581c
Code:
hxxp://92.60.177.249/tmp/404_ca.php

March 09, 2010, 04:26:22 pm
Reply #192

jackberri

IP 72.167.131.22
[p3swh205.shr.phx3.secureserver.net]
AS26496
Code:
hxxp://streamlinemediaworks.com/images/space.gif
md5sum ===> cf26de0e07a83df901d2361e8b697ca0
Code:
hxxp://98.126.17.138/g86f3cbi2.php
new file:
Code:
hxxp://inasss.info/pt_newold.exe
md5sum ===> c68dc0dbbfa2009f84a0f2923651a73f
http://www.virustotal.com/analisis/bdbb806bdba724547297c35102ed14349de87205a8954e2b1c03fba59e721dbb-1268151483
VT 19/42 (45.24%)

March 09, 2010, 05:23:02 pm
Reply #193

jackberri

IP 122.115.63.37
[netnic.com.cn]
AS9803
Code:
hxxp://calvinkleinstuffz.com/calvinklein2/cfg.bin
md5sum ===> b49f1264a256f97a0bb31322d7bf00b7
Code:
hxxp://calvinkleinstuffz.com/calvinklein2/logger.php

March 09, 2010, 08:57:51 pm
Reply #194

jackberri

IP 91.212.220.10
AS49365
Code:
hxxp://trastlifer.hk/ribbn.tar
md5sum ===> 7eff23b5cc6c16636a19f2743e08778c
Code:
hxxp://trastlifer.hk/vmxts.exe
md5sum ===> 737caf44bbd1bae81186d1f1bd137809
http://www.virustotal.com/analisis/4ddf31fad5b1b04c24836cb3116c60b4efcafc7ee7ffd3cff98c6209ad3c3803-1268167831
VT 7/42 (16.67%)
Code:
hxxp://trastlifer.hk/index1.php