Malware Domain List
Malware Related => Malicious Domains => Topic started by: eoin.miller on July 08, 2010, 05:48:30 pm
-
Seeing some exploit kits and malvertising in the 212.150.164.0/24 netblock.
212.150.164.202 - pgpg.ws
Entry point:
http://pgpg.ws/dbcdefabcdefabcdefabcd/well.php
Malicious PDF:
http://pgpg.ws/dbcdefabcdefabcdefabcd/files/goodshootthebreezedino.pdf
Wepawet Report: http://wepawet.iseclab.org/view.php?hash=f4a2c5e4a4be19257d2cf84f3f093fa0&type=js
Malicious ASX (Windows Media Player):
http://pgpg.ws/dbcdefabcdefabcdefabcd/files/simple.asx
Malicious JAR:
http://pgpg.ws/dbcdefabcdefabcdefabcd/files/intellectualguesses.jar
http://pgpg.ws/dbcdefabcdefabcdefabcd/files/hookedsecurity.jar
Payload:
http://pgpg.ws/dbcdefabcdefabcdefabcd/mothersdarlingcross.php
http://pgpg.ws/dbcdefabcdefabcdefabcd/yettiownssomelilz.php?e=9&n=
VirusTotal Results (9/41): http://www.virustotal.com/analisis/ec2a42238c55b8135c745889d2f87200698dbf9d5d37a869e82a3a9ba951faa9-1278553255
Post infection, hosts are checking in to:
wc-zone.info
wc-lost.info