Author Topic: Malicious domains Trojan.Banker  (Read 2992 times)

January 11, 2011, 12:10:23 pm

rawdata

Domains and drop pages used by the latest variation.

hxxp://p2079-ipbf207souka.saitama.ocn.ne.jp/documents/CalStarts.asp
which redirects to:
hxxp://75.151.251.213/images/factura_20.1.exe

C&C at:
hxxp://200.13.244.245/cw-assenta/bin/pt/post.asp

And another variant:

hxxp://vivotorpedo.sytes.net/?Torpedo-numero.62xx3918.JPG
which redirects to:
hxxp://know.webcindario.com/ver.php/?Torpedo-numero.62xx3918.JPG