Author Topic: New Zeus server  (Read 371795 times)

0 Members and 1 Guest are viewing this topic.

March 02, 2010, 01:08:09 pm
Reply #165

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://www.gaddem.net/scam/can/cfg.cfgmd5sum ===> 0b4afdb6cd6610bb578185ebbbeb4305

March 02, 2010, 03:42:25 pm
Reply #166

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/loc_.exemd5sum ===> 532baa0e526d6a08a703392d210f28ef
http://www.virustotal.com/analisis/ae696b3a9225369af918cb79989f82cb905752590025b0053d3f1c0bef8f08af-1267541158
VT 5/42 (11.91%)
Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/loc.exemd5sum ===> eee70e57641cfc582b2000fb36def9ee
http://www.virustotal.com/analisis/a1c54296387f40c96f433bd3b0f89bf3f74163230bcd354e9295cfec8ef48b02-1267540968
VT 22/42 (52.39%)
Code: [Select]
hxxp://intrunans.biz/httpd/loc.somd5sum ===> b3688596f3a3ce4ce533ace2c82603ce


Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/pt.exemd5sum ===> ecd82988bad0f98f7fb7eb2f6a68ba76
http://www.virustotal.com/analisis/ab047752c9c1cd6cca921ec2e90cc2099272923b2af899b1b9a0246241fdb895-1267542428
VT 20/42 (47.62%)
Code: [Select]
hxxp://inasss.info/_ptu/loc.somd5sum ===> 1bd4eb75702b8b3ed1b9d1a7e127ec87

Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/uk1.exemd5sum ===> c1e5accf34a3e49465e9460110e204dd
http://www.virustotal.com/analisis/11e8b841860951f16c72f218d0ec554696bf7292f0c7c40010cc680c4a317356-1267542895
VT 22/41 (53.66%)
Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/uk1_.exemd5sum ===> 0734dedc9e0a745b029cb697de39fe2c
http://www.virustotal.com/analisis/a35eb59406e40f401bbba5a553fde122ec529867e79e89903018d262dba62c5d-1267543884
VT 4/41 (9.76%)
Code: [Select]
hxxp://kinetikman.com/httpd/loc.somd5sum ===> 55013cf320dcedc5bf994aa5a07ed3bf

zeus trojan for
Code: [Select]
vsezaebok.biz:
Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/g3.exemd5sum ===> f979b34af492fa865f6da994fcbf98b0
Code: [Select]
http://www.virustotal.com/analisis/8b2234352d0381b1e6d4b9e4204d7ba5e681e1ce90e81f080ef0f3b5e04f00c3-1267340719VT 3/41 (7.32%)

related files:

Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/usr32.exemd5sum ===> fc862828bcb4f941b5acd11fc003abb3
http://www.virustotal.com/analisis/b0fb545ff54300bd36d2639974540942aa8e2c70ac797e2e7fac05418486dacc-1267494934
VT 10/41 (24.39%)

Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/sv_.exemd5sum ===> 5d1b4406086d109fb144d568e28b0b8d
http://www.virustotal.com/analisis/c020d491344b331b93fee3c65f9fc0968871e02c9fca975feeccd2c3dd458b39-1267543356
VT 12/42 (28.58%)

Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/Rapport.exemd5sum ===> 14997a8ac270980608357d62964df41d
http://www.virustotal.com/analisis/4cde31351d2b34e3ea9ee6910ae0c6ceae0254b2322cd38e0331c7938f23da73-1267540382
VT 2/42 (4.77%)

Code: [Select]
hxxp://vds-6ae9.1gb.ua/vds/erwtuyt.exemd5sum ===> ad9342b3721d9eeb7bb6dd1f0c5e5e2d
http://www.virustotal.com/analisis/46071eae795fa891999e0a1a02160751ec55af4dc200ed7283e3cab9bcd6a613-1267540635
VT 17/42 (40.48%)

Also related:
{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

March 02, 2010, 05:10:47 pm
Reply #167

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://fdkjsnfdjsbfj.net/zend/cfg.binmd5sum ===> 1a0c8234b4debc1d70982b514783eac9
Code: [Select]
hxxp://fdkjsnfdjsbfj.net/zend/bot.exemd5sum ===> 24f61b98eeedd6cd77cf4062c5d0c0a4
http://www.virustotal.com/analisis/98e370fced5d223e9c0d85d872e938210f7ffe753a0fd54af4f3dffdcc775279-1267547523
VT 23/41 (56.1%)
Code: [Select]
hxxp://fdkjsnfdjsbfj.net/zend/gate.php

March 02, 2010, 07:43:45 pm
Reply #168

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://infosline.net/zf/zf.nrgmd5sum ===> 93907e038aa20701847ab644c19d0388
Code: [Select]
hxxp://infosline.net/zf/zf.exemd5sum ===> bb1f90348d4feb8c62f529a241295537
http://www.virustotal.com/analisis/973aaf12a2755cbc32ee149740ae2eda9496e006648d1542a83a8cc73fb33ae0-1267557958
VT 26/42 (61.91%)
Code: [Select]
hxxp://infosline.net/zf/index.php
hxxp://infosline.net/zf/gate.php



Code: [Select]
hxxp://aaa419.com/vv12218/doc2.docmd5sum ===> b2dac46e25e6ad358dd15514f80fd849

March 03, 2010, 10:39:32 am
Reply #169

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP 193.105.0.100
Code: [Select]
hxxp://moidon.com/kayboardm.bin
md5sum ===> 8c811275ccdc8cc9398476a2d57757a2
Code: [Select]
hxxp://moidon.com/matchcat.exemd5sum ===> 3b67959591742c5fc3a63c767777aab0
http://www.virustotal.com/analisis/2ffe6fc4bbab63be0cca297f91b201a6a1a40184993bf982c116eaa6237e501a-1267612614
VT 5/42 (11.91%)
Code: [Select]
hxxp://moidon.com/speakermusic.php

IP 95.143.192.40
Code: [Select]
hxxp://lipesnaskom.com/cgi-binn/kisme.bin
md5sum ===> 32d6a3bda965e19d974c91d06e497eb7

March 03, 2010, 11:10:16 am
Reply #170

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP 95.143.192.40
Code: [Select]
hxxp://lipesnaskom.com/cgi-binn/kisme.bin



zeus trojan no yet works:

Code: [Select]
hxxp://nordrilskre.com/load/admin/load/l_1.exeand related:
Code: [Select]
hxxp://nordrilskre.com/load/admin/poin.php?v=3&id=88b1e97e-76487-644-4651974-59973
hxxp://nordrilskre.com/load/admin/hide.dll

March 03, 2010, 08:23:50 pm
Reply #171

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP 69.64.52.70
Code: [Select]
hxxp://selfwebguide.com/vaza/config.binmd5sum ===> 79d3fc9804f44791d69a34ec3dfefa57


IP 61.4.82.222
Code: [Select]
hxxp://6orod.in/core/can/config.bin md5sum ===> fa45c65cf2254d25282cd722f5af3fed

March 03, 2010, 09:20:42 pm
Reply #172

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://gametester.ru/kljdaiw/afdsse2grng.jpgmd5sum ===> 8f0bc7037e17e0fdcaf44178641d0cb3
Code: [Select]
hxxp://gametester.ru/admin7hk8o/getbotdata.php
new file:

Code: [Select]
hxxp://91.201.196.37/Pho2Vi.Mieh9amd5sum ===> 327e975799f19c9d8d5b2dbe525fcc0d

March 04, 2010, 07:12:10 am
Reply #173

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP 61.4.82.222
Code: [Select]
hxxp://www.6orod.in/core/can/config.bin md5sum ===> fa45c65cf2254d25282cd722f5af3fed
Code: [Select]
hxxp://www.6orod.in/core/gt.php
Code: [Select]
hxxp://nadvet.su/barakoda/config.binmd5sum ===>0d4e3912787c7ea29c473078e7287837
Code: [Select]
hxxp://nadvet.su/barakoda/bot.exemd5sum ===> be94646b7f581b34716c133a1fac53f6
http://www.virustotal.com/analisis/e226864ff92faf1859b1e767112fb787ab6d94ec4403429f0c86f2cf16fac5f6-1267633062
Code: [Select]
hxxp://nadvet.su/barakoda/gate.php
Code: [Select]
hxxp://193.105.0.70/rowrow111.binmd5sum ===> 6f6f54cd9b012c67e3f6819becd60457
Code: [Select]
hxxp://193.105.0.70/kiwi.exemd5sum ===> 96f15857bc873bd08aa86cfd35968ff0
http://www.virustotal.com/analisis/1e9fa7bd1ac64945a10d8b56a43066b409988ff02a10961762dbb1d0b8651479-1267555923
Code: [Select]
hxxp://193.105.0.70/kuota.php

related malware:

Code: [Select]
hxxp://flashplayeradobe.com/theblog/confis/svchost.exemd5sum ===> 448b2533193e7d2581c84fd2f235b479
http://www.virustotal.com/analisis/2829bae4c51390be4d494ca53f3a1a8db3602a0eb1b532c90d61e97c65e4dbc7-1267543547

March 04, 2010, 10:25:48 am
Reply #174

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://193.105.0.95/maraftey.binmd5sum ===>6f59265f8d97caffc9a0a63630034547
Code: [Select]
hxxp://193.105.0.95/dfgytuny54g.exemd5sum ===> b7682ed6e9e4dc559e549ce63c2c9f1a
http://www.virustotal.com/analisis/2121805cc6ca3107148e89f98da0edbd65ba85d43ee3d3790a88003a1bda80b8-1267697865
VT 13/42 (30.96%)
Code: [Select]
hxxp://193.105.0.95/l986gfft5hrr.php
Code: [Select]
hxxp://193.105.0.33/yahoo.binmd5sum ===> 67dd3e75ec12420394635eb7d5d68204
Code: [Select]
hxxp://193.105.0.33/fjhr8g7h8j.exemd5sum ===> 9bd99da5521f3bbe934395d152618936
http://www.virustotal.com/analisis/0f56bdfc8a8890292cff4b4ecf839740c70190441214ab6ae4ff97b860ebf320-1267697996
VT 5/42 (11.91%)
Code: [Select]
hxxp://193.105.0.33/cvkfhg5ugj.php
Code: [Select]
hxxp://188.124.7.247/zp/cfg000.bin
md5sum ===> 0301030020e5cdf8f4d772167a4b981c

March 04, 2010, 11:34:06 am
Reply #175

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP 91.206.201.224
Code: [Select]
hxxp://dnuos.ru/url/url.binmd5sum ===> a581cbe2bf2810649e9bd989825fe095
Code: [Select]
hxxp://dnuos.ru/url/url.exemd5sum ===> 78bcf2bfd658f7b3475eb4746059289e
http://www.virustotal.com/analisis/93009095a871f06eadd26463de3a403b5cdd368574456f1e281be5602d385bd5-1267702107
VT 3/42 (7.15%)

March 04, 2010, 05:45:57 pm
Reply #176

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP 72.18.157.34
Code: [Select]
hxxp://brockenmon.cn/pA6oTA/mail/cig.binmd5sum ===> 58717ff449d2a973f651225c58ce0423
Code: [Select]
hxxp://brockenmon.cn/pA6oTA/gate.php

March 04, 2010, 08:33:03 pm
Reply #177

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP 61.4.82.249
Code: [Select]
hxxp://ddknet.biz/hi/wert.binmd5sum ===> 312d85129db01ee8b8ae36f159abb2d6

March 05, 2010, 07:56:22 am
Reply #178

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP 188.124.5.110
Code: [Select]
hxxp://usworldcast.com/100/cfg3.binmd5sum ===> 593914d3a04910a41f0f189d47331ff9

IP 61.4.82.249
Code: [Select]
hxxp://promolistings.net/nulled/help.txtmd5sum ===> f16a32f0d9e3811ce6df0c0118aaea2a

March 05, 2010, 09:11:33 am
Reply #179

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
The Postman Always Rings Twice ;)

Code: [Select]
hxxp://193.105.0.210/revoltver.binmd5sum ===> 7d05c622719d20adb41abfe5e1dd9cc0
Code: [Select]
hxxp://193.105.0.210/antweprer.exemd5sum ===> ceb794f61bdd7ca44e377989abfe67b2
http://www.virustotal.com/analisis/ffb91571a20903845fefe3704742a053ee6904ddccbddfdef6bcde647b304dc8-1267779838
VT 5/42 (11.91%)
Code: [Select]
hxxp://193.105.0.210/huizhu.php