New Zeus server

« previous next »

Print

Pages: 1 ... 9 10 [11] 12 13 ... 48 Go Down

Author Topic: New Zeus server (Read 396656 times)

0 Members and 3 Guests are viewing this topic.

February 27, 2010, 08:18:30 pm

Reply #150

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://iam.superfluxed.net/z/cfg.binmd5sum ===> 5f3d83dcdab1b7d2b10a49d07544c792

hxxp://bestreportws12.in/urrla/c1.binmd5sum ===> 915235f3aae7a8e32edfd5d3180acab6

Logged

February 28, 2010, 01:05:24 pm

Reply #151

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://paedagogisches-journal.de/images/spoolsv_.exemd5sum ===> 52554e61e3e3da65f417222ce5bd13bb
http://www.virustotal.com/analisis/f6fae48d43c4da6b0ca242d6a65183d9f659fde4fd3db5d910c7789bd2a80357-1267361686
VT 4/42 (9.53%)

hxxp://dobmvnh.com/ollala/microsoft.binmd5sum ===> a2901dc5af642b16e7a4d73648404482

hxxp://dobmvnh.com/robot.php
related:

hxxp://ks45tn2.cn/1337/bb.php?v=200&id=500109770&tid=61&b=cl&r=1&tm=2

Logged

February 28, 2010, 02:10:27 pm

Reply #152

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://193.105.0.201/adv1sed.bin
md5sum ===> 5319aad8f2117960a0b06c45f836440c
hxxp://193.105.0.201/theridge.php

hxxp://excode.info/server/config.bin
md5sum ===> 1e483a0eb4c118bd04532f1105373110
hxxp://excode.info/server/gate.php

hxxp://91.201.196.107/cff1.bin
md5sum ===> be8d843c91c66522af67712de809fb40

Logged

February 28, 2010, 02:39:58 pm

Reply #153

SysAdMini

Administrator
Hero Member
Offline
3335

Re: New Zeus server

Quote from: jackberri on February 28, 2010, 01:05:24 pm

Code: [Select]
hxxp://paedagogisches-journal.de/images/spoolsv_.exemd5sum ===> 52554e61e3e3da65f417222ce5bd13bb
http://www.virustotal.com/analisis/f6fae48d43c4da6b0ca242d6a65183d9f659fde4fd3db5d910c7789bd2a80357-1267361686
VT 4/42 (9.53%)

Code: [Select]
hxxp://dobmvnh.com/ollala/microsoft.binmd5sum ===> a2901dc5af642b16e7a4d73648404482
Code: [Select]
hxxp://dobmvnh.com/robot.php
related:

Code: [Select]
hxxp://ks45tn2.cn/1337/bb.php?v=200&id=500109770&tid=61&b=cl&r=1&tm=2

This one is interesting. I was able to track the source of infection.

It starts at compromised German site

paedagogisches-journal.de/news.php
There is an obfuscated iframe that directs to

hulasoftz.cn/s/go.php?sid=13
hulasoftz.cn redirects to an Eleonore exploit kit at

siftozzillaa.cn/1/index.php?s=cac6ee5d4b75fc088217edb4cd34a968
payload of Eleonore kit is Oficla/Sasfis

siftozzillaa.cn/1/load.php?spl=mdac
Oficla contacts its C&C at

ks45tn2.cn/1337/bb.php?v=200&id=636608811&b=cl&tm=2
and it receives instruction for downloading Zeus from compromised German site.

[info]runurl:http://paedagogisches-journal.de/images/spoolsv_.exe|taskid:61|delay:45|upd:1|backurls:852159.com/1337/bb.php;hulasoftz.cn/1337/bb.php[/info]

ZeuS downloads its config file from

dobmvnh.com/ollala/microsoft.bin

and drops stolen data at

dobmvnh.com/robot.php

Logged

Ruining the bad guy's day

February 28, 2010, 02:51:39 pm

Reply #154

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

Another compromised site?

hxxp://imhiddene.ishidden.net

hxxp://imhiddene.ishidden.net/plox/configs2.binmd5sum ===> 897427a52b96a07ea64c0259516883cd

Logged

February 28, 2010, 05:55:58 pm

Reply #155

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://dgnews.org/images/cfg2.binmd5sum ===> 07b6263cc53a361b79a239dbc1baa647

hxxp://sakura2.cn/c.binmd5sum ===> 4c81b56683f909d643f158fa293b70f8

hxxp://johnm.tmweb.ru/site/class.binmd5sum ===> ab14dfa8de6362fdcf0c306298d98322

Logged

February 28, 2010, 08:51:36 pm

Reply #156

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://globetechnologies.com/catalog/images/gift_certificates/gv_75.gifmd5sum ===> 9bedae3d5b582b30d5e975191b71f0f0

Logged

March 01, 2010, 01:49:48 pm

Reply #157

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://allnatroniksssss.com/files/d7.outmd5sum ===> 2281fa1af08d153e376bec2bfef21bba

Logged

March 01, 2010, 04:30:35 pm

Reply #158

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://servisesocks5.com/zs/cofag56.binmd5sum ===> c4eec573857243d81096c3deebd41187

hxxp://centralspl.ru/adrenalin/cfg.binmd5sum ===> 9a5be3d70150e0bd44c49789fc0583db

hxxp://centralspl.ru/adrenalin/oops.php

Logged

March 01, 2010, 08:04:24 pm

Reply #159

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://193.105.0.17/feelinfrisky.binmd5sum ===> 77abcad1e05a93124c49c54092812a55

hxxp://193.105.0.17/sumoero.exemd5sum ===> 68209dcadcf9be9cb804a88d0b3521a5
http://www.virustotal.com/analisis/3fedcf73962b437b76864e6112f997462c10fe488214b58edec35e5190ce9670-1267473607
VT 2/42 (4.77%)

hxxp://193.105.0.17/mongelos.php

Logged

March 01, 2010, 09:07:52 pm

Reply #160

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://en.kyod.biz/lu/en.binmd5sum ===> 1591367a5964beba3b85e8496aa149a2

hxxp://195.3.136.90/lu/en.exemd5sum ===> 43725ab041033a5737d1f19e3b0e2d38
http://www.virustotal.com/analisis/23f68daf0f203ab32bcc574378b36a1f69c6d4eb39770e94825651c9e365cd89-1267477358
VT 23/42 (54.77%)

hxxp://en.kyod.biz/lu/aboutus.php

Logged

March 01, 2010, 11:56:25 pm

Reply #161

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://193.105.0.131/mohitos.binmd5sum ===> 071c8f8580adbf4958f9be21c8dc1601

hxxp://193.105.0.131/dghtryhj8k.exemd5sum ===> 793e4c4873a97e9228c9c49f588509cc
http://www.virustotal.com/analisis/887519502452c59659a68be40f81f83150a566b6298668598f66f9e97e1b6dbb-1267486985
VT 2/42 (4.77%)

hxxp://193.105.0.131/pytfccr5ef4.php

hxxp://193.105.0.84/amerskv.binmd5sum ===> 342b3984b8a83370e8420bc0559f7a70

hxxp://193.105.0.84/sdfgrtybjikj.exemd5sum ===> 7f9c3d31d6b5c13bacb6f0cd17ac5571
http://www.virustotal.com/analisis/8d7467bf1dfd45068b3176a6596e82587e4480d45e6e8ef28d006a4c1b63313e-1267487555
VT 2/42 (4.77%)

hxxp://193.105.0.84/hnuik9845f.php

Logged

March 02, 2010, 08:01:23 am

Reply #162

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://193.105.0.22/bigdealzed.binmd5sum ===> 0dae58dbed633decceec127e0e0753bb

hxxp://193.105.0.22/vncudnvuerjg.exemd5sum ===> 9efa4ac7a084e4763ed07167b4490fe6
http://www.virustotal.com/analisis/d66d66d9e74a52afd4a653c4639a67bc0c1c4351c641cc11a111f23eedc2fb1d-1267516645
VT 4/42 (9.53%)

hxxp://193.105.0.22/ckduvbnf8r.php

hxxp://193.105.0.54/farmerfer.binmd5sum ===> 5eac981424b30925d8cada6f3f092a37

Logged

March 02, 2010, 10:10:41 am

Reply #163

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://ellynoise.com/SpellF0rce/Y5v20t6Fdw7t3uT.binmd5sum ===> 20c070f0d5d86c604431eba2b6b487a2

hxxp://lastweeked.com/Spe11Set234/jhtcd6u52nmTGHNQ25MUAym23GSajt2835JMhgsHJ735hj.php

Logged

March 02, 2010, 11:25:39 am

Reply #164

jackberri

Special Members
Hero Member
Offline
1508

Re: New Zeus server

hxxp://secline777.net/files/zf.nrgmd5sum ===> 85ef433b75c194fb6c90100b2b3d57db

hxxp://secline777.net/stat/index.php
related:

hxxp://secline777.net/reg.exemd5sum ===> 891fd16f1e89f28f1dde3f1769486430
http://www.virustotal.com/analisis/c6896383a445536bbcc04ce2809750818c860353a009b2249204d8cccdf73eb0-1267528837
VT 3/41 (7.32%)

Logged

Print

Pages: 1 ... 9 10 [11] 12 13 ... 48 Go Up

« previous next »

SMF 2.0.19 | SMF © 2021, Simple Machines
Aqua Style by Diego Andrés
XHTML
RSS
WAP2

Page created in 0.066 seconds with 17 queries.