Malware Domain List

Malware Related => Malicious Domains => Topic started by: extrexploit on October 14, 2010, 03:39:58 pm

Title: Trojan/Zbot.B / LICAT / Murofet - Domains
Post by: extrexploit on October 14, 2010, 03:39:58 pm

For more info: http://extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html
Title: Re: Trojan/Zbot.B / LICAT / Murofet - Domains
Post by: Amishrabbit on October 14, 2010, 04:59:08 pm
All currently resolve to 195.189.226.107 (http://www.robtex.com/ip/195.189.226.107.html)

According to Robtex there are other domains shared on that IP. The complete list is:


However, only the original nine domains at the top are currently delivering malware.
Title: Re: Trojan/Zbot.B / LICAT / Murofet - Domains
Post by: extrexploit on October 14, 2010, 06:56:05 pm
At this time I can still retrieve zbot.b from hsosqykotrpsapxb.com/news/?s=333
Can you confirm? Have you got info about the spreading vector?

Regards