« previous next »
Pages: [1]   Go Down

Author Topic: Phoenix kits  (Read 5919 times)

0 Members and 1 Guest are viewing this topic.

December 01, 2011, 05:51:51 pm
Read 5919 times

pktguy

  • Jr. Member
  • Offline
  • **
  • 39
Phoenix kits
Logged
December 01, 2011, 06:20:49 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: Phoenix kits
Are you sure that it is Phoenix ?

I'm looking for the name.

http://www.malwaredomainlist.com/forums/index.php?topic=4695.0

I still have the problem that it always returns 404 only.
Logged
Ruining the bad guy's day
December 01, 2011, 06:54:20 pm
Reply #2

pktguy

  • Jr. Member
  • Offline
  • **
  • 39
Re: Phoenix kits
It triggered Emerging Threats rule "ET CURRENT_EVENTS Phoenix URI Requested Contains /? and hex", so I am assuming that's what it is.  I hit the URL from inside a sandbox which caused it download several .jar files and finally loaded zeroaccess.  You can see where it tried to load the applets in the SetInnerHTML section of http://urlquery.net/report.php?id=10179
Logged
Pages: [1]   Go Up
« previous next »