Author Topic: Trojan/Zbot.B / LICAT / Murofet - Domains  (Read 3404 times)

October 14, 2010, 03:39:58 pm

extrexploit

For more info: http://extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html

October 14, 2010, 04:59:08 pm
Reply #1

Amishrabbit

All currently resolve to 195.189.226.107

According to Robtex there are other domains shared on that IP. The complete list is:

However, only the original nine domains at the top are currently delivering malware.
-=A

October 14, 2010, 06:56:05 pm
Reply #2

extrexploit

At this time I can still retrieve zbot.b from hsosqykotrpsapxb.com/news/?s=333
Can you confirm? Have you got info about the spreading vector?

Regards