Trojan Ransom
EP_X0FF:
hxxp://capitfoska.ru/
payload located at hxxp://mudoman.ru/codfullhdxavi.exe
Use
--- Code: ---http://capitfoska.ru
--- End code ---
as referer to access download.
--- Code: ---GET /codfullhdxavi.exe HTTP/1.1
Host: mudoman.ru
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
Referer: http://capitfoska.ru/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3

HTTP/1.1 200 OK
Server: nginx/1.2.6
Date: Mon, 11 Feb 2013 13:03:18 GMT
Content-Type: application/x-msdos-program
Content-Length: 1742695
Connection: keep-alive
Last-Modified: Mon, 11 Feb 2013 07:10:04 GMT
ETag: "38c0fe3-1a9767-4d56d991feb00"
Accept-Ranges: bytes
--- End code ---
EP_X0FF:
--- Code: ---hxxp://df.pizdafyqib.ru/administrator/weather.php?browse=151
--- End code ---
Sweet Orange EK, payload trojan ransom.
http://wepawet.iseclab.org/view.php?hash=81bf0f995a58bb166945671fc638681a&t=1367323769&type=js
EP_X0FF:
Sweet Orange EK, serving trojan ransom as payload.
--- Quote ---hxxp://wsd.nuwazy.ru/sites/oplata/codestariff/themes.php?strategy=154
--- End quote ---
http://wepawet.iseclab.org/view.php?hash=ac261ed869a63d3224d021f64ce04757&t=1367516936&type=js
EP_X0FF:
Sweet Orange EK, payload trojan ransom.
--- Code: ---hxxp://za.omovigminet.ru/bugs/books/partner/themes.php?strategy=156
--- End code ---
http://wepawet.iseclab.org/view.php?hash=59e133adcb8a8d34197cbc4f789e5549&t=1367603453&type=js
Gnomo:
www.moorelegacygroup.com/ZNru8f.exe
Ransom Locky loaded by email malware.
Site owner was contacted on 3/29/16; no answer yet, link is active.
Regards