Malware Related > Malicious Domains

Trojan Ransom


EP_X0FF:
hxxp://capitfoska.ru/

payload located at hxxp://mudoman.ru/codfullhdxavi.exe

use
--- Code: ---http://capitfoska.ru
--- End code ---
as referer to access download.


--- Code: ---GET /codfullhdxavi.exe HTTP/1.1
Host: mudoman.ru
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
Referer: http://capitfoska.ru/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3

HTTP/1.1 200 OK
Server: nginx/1.2.6
Date: Mon, 11 Feb 2013 13:03:18 GMT
Content-Type: application/x-msdos-program
Content-Length: 1742695
Connection: keep-alive
Last-Modified: Mon, 11 Feb 2013 07:10:04 GMT
ETag: "38c0fe3-1a9767-4d56d991feb00"
Accept-Ranges: bytes
--- End code ---
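
A defender-side check for the pattern in the capture above (an executable served in response to a request carrying a Referer from a different host), as an added example that is not part of the original thread. The function names and the MIME/extension lists are assumptions; the sample input is the posted capture trimmed to the headers the check reads.

```python
from urllib.parse import urlsplit

# Capture from the post above, trimmed to the headers this check uses.
CAPTURE = """\
GET /codfullhdxavi.exe HTTP/1.1
Host: mudoman.ru
Referer: http://capitfoska.ru/

HTTP/1.1 200 OK
Server: nginx/1.2.6
Content-Type: application/x-msdos-program
Content-Length: 1742695
"""

# Assumed lists of executable MIME types and extensions; extend for your proxy logs.
EXE_TYPES = {"application/x-msdos-program", "application/x-msdownload",
             "application/x-dosexec"}
EXE_EXTS = (".exe", ".scr", ".dll")

def parse_head(block):
    """Split one HTTP head into (start_line, {lowercased header name: value})."""
    lines = [l for l in block.strip().splitlines() if l.strip()]
    if not lines:
        return "", {}
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def check_transaction(capture):
    """Return findings for one request/response capture (empty list if clean)."""
    text = capture.replace("\r\n", "\n").strip()
    req_text, _, resp_text = text.partition("\n\n")
    req_line, req = parse_head(req_text)
    status_line, resp = parse_head(resp_text)
    path = (req_line.split(" ") + ["", ""])[1]
    status = (status_line.split(" ") + ["", ""])[1]
    host = req.get("host", "").lower()
    ref_host = (urlsplit(req.get("referer", "")).hostname or "").lower()
    ctype = resp.get("content-type", "").split(";")[0].strip().lower()
    is_exe = ctype in EXE_TYPES or path.lower().split("?")[0].endswith(EXE_EXTS)
    findings = []
    if status == "200" and is_exe:
        findings.append(f"executable download: {host}{path} ({ctype})")
        if ref_host and ref_host != host:
            findings.append(f"cross-site referer: {ref_host} -> {host}")
    return findings
```
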

EP_X0FF:

--- Code: ---hxxp://df.pizdafyqib.ru/administrator/weather.php?browse=151
--- End code ---

Sweet Orange EK, payload trojan ransom.

http://wepawet.iseclab.org/view.php?hash=81bf0f995a58bb166945671fc638681a&t=1367323769&type=js

EP_X0FF:
Sweet Orange EK, serving trojan ransom as payload.

--- Quote ---hxxp://wsd.nuwazy.ru/sites/oplata/codestariff/themes.php?strategy=154
--- End quote ---

http://wepawet.iseclab.org/view.php?hash=ac261ed869a63d3224d021f64ce04757&t=1367516936&type=js

EP_X0FF:
Sweet Orange EK, payload trojan ransom.

--- Code: ---hxxp://za.omovigminet.ru/bugs/books/partner/themes.php?strategy=156
--- End code ---

http://wepawet.iseclab.org/view.php?hash=59e133adcb8a8d34197cbc4f789e5549&t=1367603453&type=js

Gnomo:
www.moorelegacygroup.com/ZNru8f.exe

Ransom Locky loaded by email malware.

Site owner has been contacted on 3/29/16; no answer yet, link is active.

Regards
