Malware Domain List
Malware Related => Malicious Domains => Topic started by: eoin.miller on May 17, 2010, 03:03:58 pm
-
Looks like an Eleonore exploit kit(s).
195.88.144.99 - nuyamnyam.ru www.updatemicd.in
194.8.251.160 - dfhjdfst.com medicinada.com
PDF exploit here:
http://medicinada.com/usaa4803/pdf.php
Wepawet report on PDF:
http://wepawet.iseclab.org/view.php?hash=1704d2d08983519a179b6c266917bfa1&type=js
-
200 http://medicinada.com/usaa4803/
200 http://medicinada.com/usaa4803/index.html
200 http://medicinada.com/usaa4803/index.php
200 http://medicinada.com/usaa4803/install.php
200 http://medicinada.com/usaa4803/load.php (MD5: 613b0104901655e5b9156bac46fc50d6)
200 http://medicinada.com/usaa4803/pdf.php
200 http://medicinada.com/usaa4803/stat.php
200 http://medicinada.com/usaa4803/i/
403 http://medicinada.com/usaa4803/load/
200 http://medicinada.com/usaa4803/i/1.php
200 http://medicinada.com/usaa4803/i/index.php
200 http://medicinada.com/usaa4803/load/load.exe (MD5: 613b0104901655e5b9156bac46fc50d6)
-
Looks like one of the payloads is Win32/Ambler.A
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FAmbler.A