New Zeus server

[jackberri]

IP Location:  China - Sun Rise Technology Co.ltd
IP 121.101.216.195
AS4847
Registrant/Email Registrant: Ted Thorson/kentos@gwab.com

Code: [Select]

hxxp://senders2010.com/sites/up.binmd5sum ===> 285bb8dfaac3018257cfae3e18e36ba4
SHA256 ===>  2b74a68f4ed0ada67659c015704eabef4bf657fa2809d7eb9543f7f1939aaca8

Code: [Select]

hxxp://senders2010.com/sites/update.exemd5sum ===> ce72195b65287b4f277fbfbc87d36fbc
SHA256 ===>  fe7e312905d36aac3e700f97b40345629fb1e604e0976dd82d4a03b3fa944e2c
http://www.virustotal.com/es/analisis/fe7e312905d36aac3e700f97b40345629fb1e604e0976dd82d4a03b3fa944e2c-1277042061
VT 31/41 (75.61%)

Code: [Select]

hxxp://senders2010.com/sites/index1.php
IP Location:  China - Sun Rise Technology Co.ltd
IP 121.101.216.232
AS4847
Registrant/Email Registrant: Michael Gray/migray71@yahoo.com

Code: [Select]

hxxp://grigga-sinna.com/mix/brug.binmd5sum ===> 8c3acd7efebab9c5528b54b11215f9f2
SHA256 ===>  94f851fb973bf363a0cc5f9c1b60e4ec791326f852b7128905b9f29a8d44d78b

Code: [Select]

hxxp://grigga-sinna.com/mix/prts.exemd5sum ===> d81e236fc7be8998fcb9e7c7fe487396
SHA256 ===>  5a9185a3b1b59657dbfd6dbefe3c1bdc678e66316216311f7aa8bbba9c3d7fe3
http://www.virustotal.com/es/analisis/5a9185a3b1b59657dbfd6dbefe3c1bdc678e66316216311f7aa8bbba9c3d7fe3-1277040703
VT 27/41 (65.86%)

Code: [Select]

hxxp://grigga-sinna.com/mix/s.phpother sites:

Code: [Select]

infoshok.info
newdaypeace.org
sokam.info
superhomelawn.com
keroholek.net

[jackberri]

IP Location: Netherlands - Deziweb first PI netblock - OXILION-AS Oxilion B.V.
IP 91.198.106.196
[vds658.deziweb.com]
AS48539

Code: [Select]

hxxp://amsterdamtoteheran.nl/apache.jpgmd5sum ===> bbde3bab4a97ed75736b761169a80491
SHA256 ===>  d8fb95049fb0335d9780b26fad9e73cfc8e6f64ebd33a2074433b4c19e6aab79

IP Location: Slovenia - SiOL.SI, Provider Aggregated Block SiOL Internet d.o.o - SIOL-NET Telekom Slovenije d.o.o
IP 193.189.160.32
[sirius-b.siol.net]
AS5603

Code: [Select]

hxxp://www.amar-co.si/apache.jpgmd5sum ===> bbde3bab4a97ed75736b761169a80491
SHA256 ===>  d8fb95049fb0335d9780b26fad9e73cfc8e6f64ebd33a2074433b4c19e6aab79

dropzone (already listed) for amar-co.si & amsterdamtoteheran.nl:

Code: [Select]

hxxp://medianservicebz.net/webstate/webstat.php
IP Location: Slovenia - SiOL.SI, Provider Aggregated Block SiOL Internet d.o.o - SIOL-NET Telekom Slovenije d.o.o
IP 76.76.101.70
[reverse-mtl-76-76-101-70.gogax.com]
AS21793
Registrant/Email Registrant: Hilary Kneber/hilarykneber@yahoo.com

Code: [Select]

hxxp://hikmesanbukais.com/hdsr/dst/lob.phptrojan:

Code: [Select]

hxxp://hikmesanbukais.com/kl/fu.exemd5sum ===> 1d1e6f890238caffa88580944c51f9a5
SHA256 ===>  212362344cc0acd66dbbfc648ed20ce01144631c3ce9a456392cc45690a44be7
http://www.virustotal.com/es/analisis/212362344cc0acd66dbbfc648ed20ce01144631c3ce9a456392cc45690a44be7-1277211749
VT 24/41 (58.54%)

other malware:
Trojans  Downloader Agent:
IP Location: United States - ASN-NA-MSG-01 Managed Solutions Group, Inc.
IP 205.209.143.94
AS27645

Code: [Select]

hxxp://www.20iamback.com/u81.htmmd5sum ===> e3b0cc89dcab6a97d692e7f52d67ec1a
SHA256 ===>  a693613ec60d1e949bd45bfcccaf8d9d903946627cf16788b72e485e5a2ae36b
http://www.virustotal.com/es/analisis/a693613ec60d1e949bd45bfcccaf8d9d903946627cf16788b72e485e5a2ae36b-1277230296
VT 21/40 (52.5%)

IP Location: United States - Comcast Cable Communications, Inc - FDCSERVERS AS for FDC Servers
IP 76.73.94.174
[hypassin.com]
AS30058
Registrant/Email Registrant: li yugang/3691994400@qq.com

Code: [Select]

hxxp://www.battl1e.net/sharp/mti1.htmmd5sum ===> 671e48127ed944f410b38ff5bb107d68
SHA256 ===>  c1ea1701b254a62471b8290e7b686ff4266ad4cea94907cece8cda63be2044d6
http://www.virustotal.com/es/analisis/c1ea1701b254a62471b8290e7b686ff4266ad4cea94907cece8cda63be2044d6-1277231536
VT 4/40 (10%)

Code: [Select]

hxxp://www.battl1e.net/sharp/on2n.htmmd5sum ===> 015e372f8d7ca449e5cf43d6073af411
SHA256 ===>  7c5c10b0ccc7b449a8ffb36874fdfe405ac9a2c8b4bf4a298de803a20a98b0b2
http://www.virustotal.com/es/analisis/7c5c10b0ccc7b449a8ffb36874fdfe405ac9a2c8b4bf4a298de803a20a98b0b2-1277231238
VT 5/41 (12.2%)

Code: [Select]

hxxp://www.battl1e.net/uhy.htmmd5sum ===> 5e101107e979eb6a64bce44a7da95d0e
SHA256 ===>  6d14b2c720ad66b558ac209c03550fcff005a023984d49c6149ce6f32e3e3eef
http://www.virustotal.com/es/analisis/6d14b2c720ad66b558ac209c03550fcff005a023984d49c6149ce6f32e3e3eef-1277231745
VT 4/41 (9.76%)

[jackberri]

IP Location: Viet Nam
IP 125.212.165.128
AS24086
Registrant ID:2b630a2f7c47b122
Registrant/Registrant Email: Paul Hohlbein/wadosihp948@gmail.com

Code: [Select]

hxxp://indexxor.info/apachev2.jpgmd5sum ===> 6385fecbebd8c6e23eee13d9338d2dec
SHA256 ===>  064e0ed3ad53486dedc49b8a28729b96c75dceef346949474ad72aaf6b4dcd48
dropzone:
IP Location: France - PROXAD Free SAS
IP 88.191.17.26
[sd-2179.dedibox.fr]
AS24086
Registrant ID:2b630a2f7c47b122
Registrant/Registrant Email: Matthew Johnson/ruyerfky9@gmail.com

Code: [Select]

hxxp://pteradaktel.net/webstate/webstat.php

[jackberri]

IP Location: Netherlands - Deziweb first PI netblock - OXILION-AS Oxilion B.V.
IP 91.198.106.67
[s2.wlserver.nl]
AS48539

Code: [Select]

hxxp://deltalloydbusinesscourse.nl/apache.jpgmd5sum ===> bbde3bab4a97ed75736b761169a80491
SHA256 ===>  d8fb95049fb0335d9780b26fad9e73cfc8e6f64ebd33a2074433b4c19e6aab79
related (Fake AV):
IP Location: Netherlands - LeaseWeb AS Amsterdam
IP 95.211.131.185
AS16265
[hosted-by.leaseweb.com]
Registrant/Registrant Email: Eureka Jewelry Design/cmsherwin@aol.com

Code: [Select]

hxxp://ns1.eurekajewelrydesign.com/main.php?h=deltalloydbusinesscourse.nl&i=Jcmog9Qeo/Osjxj7U8VHw5sXog==&e=r

[jackberri]

IP Location: China - CHINA-TELECOM
IP 59.53.91.124
AS4134
Registrant Email: abusehostserver@gmail.com

Code: [Select]

hxxp://anuegonahui.cn/config.binmd5sum ===> 95db42b1bd8ea82f2edc4ffe0019f634
SHA256 ===>  2ac0157c3f8081e6c2bf3d518afafbea6b1fb1ccc5c5c3b6d92e006c186167d2

Code: [Select]

hxxp://anuegonahui.cn/bot.exemd5sum ===> b2025cee825ce13e8528933b3b935ebe
SHA256 ===>  908e343756deabf97023ef9a1f226671dffbf0ce74e6abaca7d8076e1fb2296a
http://www.virustotal.com/es/analisis/908e343756deabf97023ef9a1f226671dffbf0ce74e6abaca7d8076e1fb2296a-1277360554
VT 19/41 (46.35%)

Code: [Select]

hxxp://anuegonahui.cn/game.php

[jackberri]

config file:
IP Location: Bosnia and Herzegovina - GlobalNET Bosnia - BA-GLOBALNET-AS GlobalNET Bosnia x Internet Service Provider
IP 77.78.240.44
AS42560
Registrant ID:45597597-NSI
Registrant/Registrant Email: Bit System/dalass233@hotmail.com

Code: [Select]

hxxp://googletracker.info/mp3/music/wave.binmd5sum ===> 043f142e4945e37e7efcbcc05a80a3d1
SHA256 ===>  244c188a2ce07e065de3c9c9edf9e6e15b9915a7417f2715d91fbf2396a6a4f2

ZeuS trojan:
IP Location: United States - PNAP-LAX softlayerexempt - SOFTLAYER Technologies Inc
IP 75.126.124.164
[voda13.vodahost.com]
AS36351
Registrant ID:  69436O786844
Registrant/Registrant Email: Zubin Hiramanek/zubin11@hotmail.com

Code: [Select]

hxxp://pulselocums.com.au/media/sound.exemd5sum ===> 8c81399fe156f3f129e5f1a2079699ba
SHA256 ===>  191d6ac238d6684a385380826bcf34f2698632c2ca9fbc57f4143b0310ea5cc0
http://www.virustotal.com/es/analisis/191d6ac238d6684a385380826bcf34f2698632c2ca9fbc57f4143b0310ea5cc0-1277361797
VT 16/40 (40%)

[jackberri]

IP Location: Russian Federation - KALUGA-NET - KALUGANET AI Ltd
IP 193.104.34.63
AS50108
Registrant Email: admin@playwithout.ru

Code: [Select]

hxxp://baqrr.ru/bong0.bmpmd5sum ===> b050887bc71b11023d7e29d6068a3a3f
SHA256 ===>  30d281187c566f6841fecd88bd3a835b98a2abdfe0ec59c2865babd3c7200578

IP Location: Russian Federation - KALUGA-NET - KALUGANET AI Ltd
IP 193.104.34.63
AS50108
Registrant Email: admin@esamigo.ru

Code: [Select]

hxxp://evvke.ru/index1.php
IP Location: Moldova - STARNET-AS StarNet Moldova
IP 195.206.246.222
AS31252
Registrant Email: admin@vipcastlefinal.ru

Code: [Select]

hxxp://8string.ru/file1.exemd5sum ===> c060a4b811adcb90e69ad828b1022006
SHA256 ===>  0751829476a46ca638f6402e0b4a3ddb11064ffd582acf743785036cd16e7d08
http://www.virustotal.com/es/analisis/0751829476a46ca638f6402e0b4a3ddb11064ffd582acf743785036cd16e7d08-1277371457
VT 8/41 (19.52%)

Code: [Select]

hxxp://8string.ru/file2.exemd5sum ===> 0f03f9476d0c01e0a49be0aa9f927298
SHA256 ===>  1ba4df1d150b52e2cd942867cde21b20cd52fde4a337cb08f90ba82c21b5fcc1
http://www.virustotal.com/es/analisis/1ba4df1d150b52e2cd942867cde21b20cd52fde4a337cb08f90ba82c21b5fcc1-1277371674
VT 3/41 (7.32%)

Code: [Select]

hxxp://8string.ru/file3.exemd5sum ===> 6a2242f2b0fc2ec60728eb3236693b31
SHA256 ===>  4284a957de21cb626f5888cff7bd4a3fe2ea2fddf783d4112d7f84f0273bb010
http://www.virustotal.com/es/analisis/4284a957de21cb626f5888cff7bd4a3fe2ea2fddf783d4112d7f84f0273bb010-1277371852
VT 8/41 (19.52%)

IP Location: Moldova - STARNET-AS StarNet Moldova
IP 195.206.246.222
AS31252
Registrant ID: OLNI_197517_0_0
Registrant/Registrant Email: Uter Fallen/admin@kannat.biz

Code: [Select]

hxxp://kannat.biz/gate.phprelated:

Code: [Select]

hxxp://eadboong.com/ztvb/gate/

[jackberri]

AS42953
email: roman@moscapital.ru

Code: [Select]

hxxp://91.194.0.40/aud2version.binmd5sum ===> 0d2631cea467c852466e547772ad5c10
SHA256 ===>  143ac466450f5142bc36dff3d70ec18cd74a4aa7e4c70a32366007279f32c72a

inetnum:        91.194.0.0 - 91.194.1.255
netname:        MOSCOWCAPITALBANK-NET
descr:          Bank Moscowskiy Kapital Ltd.
country:        RU

org:            ORG-BMKL1-RIPE
organisation:   ORG-BMKL1-RIPE
org-name:       Bank Moscowskiy Kapital Ltd.
org-type:       OTHER

[jackberri]

IP Location: Netherlands - Nxs Internet BV
IP 217.115.197.58
[php4.cluster2.nxs.nl]
AS16237

Code: [Select]

hxxp://rjd-010.nl/apache.jpg
hxxp://rjd-010.nl/apachev2.jpgmd5sum ===> bbde3bab4a97ed75736b761169a80491
SHA256 ===>  d8fb95049fb0335d9780b26fad9e73cfc8e6f64ebd33a2074433b4c19e6aab79
dropzone (already listed):

Code: [Select]

hxxp://pteradaktel.net/webstate/webstat.php
IP Location: Netherlands - Gelderland Internet Exchange - GL-IX-AS
IP 77.95.248.188
[e3-srv74.server.eu]
AS43190

Code: [Select]

hxxp://pugs.nl/apache.jpg
hxxp://pugs.nl/apachev2.jpgmd5sum ===> bbde3bab4a97ed75736b761169a80491
SHA256 ===>  d8fb95049fb0335d9780b26fad9e73cfc8e6f64ebd33a2074433b4c19e6aab79
dropzone (already listed):

Code: [Select]

hxxp://pteradaktel.net/webstate/webstat.php

[jackberri]

IP Location:           - Najada route - INTERACTIVE3D-AS Interactive3D
IP 91.216.122.18
AS49544
Registrant/Registrant Email: Scott Christie/s.christie10@yahoo.com

Code: [Select]

hxxp://pezdeshnosti.net/agressive.exemd5sum ===> 0351dccb2fab5b3553881cc7a7834996
SHA256 ===>  30292cc5a042b91009c2aa0db157f362abd45893b61bd6277ad6c143d1c2c0a0
http://www.virustotal.com/es/analisis/30292cc5a042b91009c2aa0db157f362abd45893b61bd6277ad6c143d1c2c0a0-1277464259
VT 19/41 (46.35%)

Code: [Select]

hxxp://pezdeshnosti.net/ddd/gate436465.phprelated:

Code: [Select]

server12.ss2.name

[jackberri]

IP Location: Netherlands - Nxs Internet BV
IP 217.115.197.59
[php5.cluster2.nxs.nl]
AS16237

Code: [Select]

hxxp://werkenbijdlapiper.nl/apache.jpg

Code: [Select]

hxxp://werkenbijdlapiper.nl/apachev2.jpgmd5sum ===> bbde3bab4a97ed75736b761169a80491
SHA256 ===>  d8fb95049fb0335d9780b26fad9e73cfc8e6f64ebd33a2074433b4c19e6aab79
dropzone (already listed):

Code: [Select]

hxxp://pteradaktel.net/webstate/webstat.php
IP Location: Singapore - QALA Singapore Pte Ltd - QALA-SG-AP M1 Connect Pte Ltd
IP 210.193.49.130
[svr10.focushub.com]
Registrant/Registrant Email: Bryan Wong/SIDEWALK10@ZERO.AD.JP
AS17547

Code: [Select]

hxxp://praisemytee.com/apache.jpg

Code: [Select]

hxxp://praisemytee.com/apachev2.jpgmd5sum ===> bbde3bab4a97ed75736b761169a80491
SHA256 ===>  d8fb95049fb0335d9780b26fad9e73cfc8e6f64ebd33a2074433b4c19e6aab79
dropzone (already listed):

Code: [Select]

hxxp://pteradaktel.net/webstate/webstat.phprelated (Fake AV):

Code: [Select]

hxxp://wiki.joymineralcosmetics.com/main.php?h=praisemytee.com&i=J8moj9sbrP6sihj7U8VDy5sXog==&e=4
IP Location:   France - Ovh Sas
IP 213.186.33.87
[cluster014.ovh.net]
AS16276

Code: [Select]

hxxp://marathon-demenagement.fr/alogo.jpgmd5sum ===> db0601b2aadb6ea03b0828203b365c84
SHA256 ===>  1749b809f111f27f4fe666969bafbd50e655bf2b6448918805dab63c3a9b0f74
dropzone (already listed):

Code: [Select]

hxxp://www.blogjo.biz/webstate/webstat.php
IP Location:  Malaysia  - Exa Bytes Network Sdn.Bhd - EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd
IP 110.4.45.98
AS46015

Code: [Select]

hxxp://solartif.com.my/alogo.jpgmd5sum ===> db0601b2aadb6ea03b0828203b365c84
SHA256 ===>  1749b809f111f27f4fe666969bafbd50e655bf2b6448918805dab63c3a9b0f74
dropzone (already listed):

Code: [Select]

hxxp://www.blogjo.biz/webstate/webstat.phprelated (Fake AV):

Code: [Select]

hxxp://ns1.joymineralcosmetics.com/main.php?h=solartif.com.my&i=JcSvj9Qarf+mihj7U8VDw5kXog==&e=4
IP Location:  Malaysia  - Exa Bytes Network Sdn.Bhd - EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd
IP 110.4.45.111
[bramble.mschosting.com]
AS46015

Code: [Select]

hxxp://wic.com.my/alogo.jpgmd5sum ===> db0601b2aadb6ea03b0828203b365c84
SHA256 ===>  1749b809f111f27f4fe666969bafbd50e655bf2b6448918805dab63c3a9b0f74
dropzone (already listed):

Code: [Select]

hxxp://www.blogjo.biz/webstate/webstat.phprelated (Fake AV):

Code: [Select]

hxxp://blog.onlyyoulifestyle.com/main.php?h=wic.com.my&i=JcSvj9Qarf+njRj7U8VCw5IXog==&e=4related:

Code: [Select]

hxxp://tviwvo.pohuy.ws/t/t?
IP Location:  Netherlands  - LEASEWEB - LeaseWeb AS
IP 85.17.3.199
AS16265

Code: [Select]

hxxp://markec.by/alogo.jpgmd5sum ===> db0601b2aadb6ea03b0828203b365c84
SHA256 ===>  1749b809f111f27f4fe666969bafbd50e655bf2b6448918805dab63c3a9b0f74
dropzone (already listed):

Code: [Select]

hxxp://www.blogjo.biz/webstate/webstat.php
Fake AV for supradem.fr

Code: [Select]

hxxp://wwww.causeof.org/main.php?h=supradem.fr&i=J8mjj9QYr/mhgRj7U8tHz5kXog==&e=4
hxxp://wwww.causeof.org/main.php?i=J8mjj9QYr/mhgRj7U8tHz5kXog==&e=3
IP Location:  Russian Federation - Bank Moscowskiy Kapital Ltd
AS42953

Code: [Select]

hxxp://91.194.0.20/beemstofadm.binmd5sum ===> 70002aa44905bb6fdacac4d951fdc759
SHA256 ===>  4d830e91fe7a64a760a92abd6aebe01f605a21747da5a5e056798cf653341490

other malware
trojan dropper agent

Code: [Select]

hxxp://hostshack.net/files/328997512/UltimateCodes.exemd5sum ===> 8c3f8827614de3692cb3cc7ef73c5ff0
SHA256 ===>  e4a4f62ed8f562fdf03ab1a4e49beb2818f97bfe41af76770eb0cc76cb00953e
http://www.virustotal.com/es/analisis/e4a4f62ed8f562fdf03ab1a4e49beb2818f97bfe41af76770eb0cc76cb00953e-1277480863
VT 2/41 (4.88%)

IP Location:  China - China Telecom Guangxi province - CHINA-TELECOM
IP 222.217.221.27
AS4134

Code: [Select]

hxxp://ip.yihaha.org/gorun.exemd5sum ===> 1398a666565e0b0e0266abcaf19e57ba
SHA256 ===>  493f577832ab229332b2919a0c93d2169b1fd32e3c0972d8450ba32036114c3f
http://www.virustotal.com/es/analisis/493f577832ab229332b2919a0c93d2169b1fd32e3c0972d8450ba32036114c3f-1277481037
VT 14/40 (35%)

Code: [Select]

hxxp://ip.yihaha.org/click.exemd5sum ===> 31802c1c776687f837eb0f5877da1798
SHA256 ===>  bab6f1cc6ad9c9d7b101ac6bf7f8722cc03c033070f95c229feec61cf99215b7
http://www.virustotal.com/es/analisis/bab6f1cc6ad9c9d7b101ac6bf7f8722cc03c033070f95c229feec61cf99215b7-1277481507
VT 15/40 (37.5%)

[jackberri]

IP: peer-to-peer networking?
Registrant/Registrant Email: Peter A. Bush/PeterABush@example.com

Code: [Select]

hxxp://mnbvicdij4uhdjb5421knnkd.com/bin/oraha.bin
hxxp://mnbvicdij4uhdjb5421knnkd.com/bin/orahxa.binmd5sum ===> dfd46f8fdf3084984f57580fbe4f40b9
SHA256 ===>  eca7c31d4ca9f6dd749657db69e3d28045a19ff926c085d38f57c7072d376961

Code: [Select]

hxxp://mnbvicdij4uhdjb5421knnkd.com/xman/xman.binmd5sum ===> 4b39facc0eb63bfe05d7b0bae4a8a125
SHA256 ===>  a5fa854b55e81f62789bfb5a0951f4a9b75fb45ef34fcb9d02edfcfbc5b68785

Code: [Select]

hxxp://mnbvicdij4uhdjb5421knnkd.com/bin/orahxa.exemd5sum ===> 824957281e4a1f35d5ccb5d93c90c238
SHA256 ===>  d09833c762096ea1ee3d3ad4b6a76eff08c956937b2eca53077a071ca08a31d5

Code: [Select]

hxxp://mnbvicdij4uhdjb5421knnkd.com/xman/xman.exemd5sum ===> a394e171555b406295465d4c49df81fb
SHA256 ===>  48f5cd3e3630cbbc6df5abbe09fb6fa0815b8b58cfebe26eb51ddacb75c2e705

Code: [Select]

hxxp://mnbvicdij4uhdjb5421knnkd.com/xman/gogo.php
IP Location:   France  - Ovh Sas
IP 213.186.33.19
[cluster010.ovh.net]
AS16276

Code: [Select]

hxxp://supradem.fr/alogo.jpgmd5sum ===> db0601b2aadb6ea03b0828203b365c84
SHA256 ===>  1749b809f111f27f4fe666969bafbd50e655bf2b6448918805dab63c3a9b0f74
dropzone (already listed):

Code: [Select]

hxxp://www.blogjo.biz/webstate/webstat.php
IP 121.101.216.210
AS4847

Code: [Select]

hxxp://bewartokken.com/blog/post.php

[jackberri]

IP Location: Ukraine  - TTC Network -TTC-AS Naukanet (TopNET) UA Aggregation network Autonomous System Nauka-Svyaz Ukraine
IP 195.128.226.132
AS31445

Code: [Select]

hxxp://uk-microsoft.com/src/update.setmd5sum ===> 7f0c711c31eff1da7128dc7a09fcccb2
SHA256 ===>  82da35bd8a470c2e0c3b85c32d74275efb72c5ead935f39847448755b83c1a42

Code: [Select]

hxxp://uk-microsoft.com/src/update.exemd5sum ===> 45e4849ee69dac0d095f9b9c2f57ebbf
SHA256 ===>  dbdbb1e839730b353d264a8a01837d0f96348d71364bb2ef18fd1c018c67c35d
http://www.virustotal.com/es/analisis/dbdbb1e839730b353d264a8a01837d0f96348d71364bb2ef18fd1c018c67c35d-1277570693
VT 9/40 (22.5%)

IP Location:   Bosnia and Herzegovina  - GlobalNET Bosnia
IP 77.78.239.43
AS42560

Code: [Select]

hxxp://acunetxweb.net/123/footer.php

IP Location:   United States  - DIMENOC-HOSTDIME
IP 66.7.218.232
[dime167.dizinc.com]
AS33182

Code: [Select]

hxxp://clibs.co.uk/website/wp-image.php
other malware:
Trojan PWS
IP Location:  Brazil - IGB
IP 200.226.249.3
[3.249.226.200.in-addr.arpa.ig.com.br]
AS14571

Code: [Select]

hxxp://masterconsultora.hpg.com.br/rex.jpgmd5sum ===> d6fee15957029fde5323dd0e4684501b
SHA256 ===>  0b2fc62d3090c9c09b8ea254597423fe57945e996df71d2da5d5e235e83e9666
http://www.virustotal.com/es/analisis/0b2fc62d3090c9c09b8ea254597423fe57945e996df71d2da5d5e235e83e9666-1277569409
VT 16/41 (39.03%)

[jackberri]

IP Location:  Kazakhstan - AlfaHost LLP. Route Object -ALFAHOSTNET Alfa-Host LLP
IP 193.105.207.102
AS50793
Registrant/Registrant Email: Private Person/vatchin@mail.ru

Code: [Select]

hxxp://postmetoday.ru/dks8k/dks9postmetoday2main.jpgmd5sum ===> 47ede4152325b6d9f1cd3aa854c763d6
SHA256 ===>  8e18a407775ea0b6dbcdc92e4037a2972bdc70470976d623dbeaf8f9b5776cfd

Code: [Select]

hxxp://postmetoday.ru/exe8k/pump.exemd5sum ===> d660aae712adc5e1d23d2500a13b4cfd
SHA256 ===>  2d225cd78f0649521c4c9ee5cd9c195be35aecc8f2f988e846dc5bbdeeb9d683
http://www.virustotal.com/es/analisis/2d225cd78f0649521c4c9ee5cd9c195be35aecc8f2f988e846dc5bbdeeb9d683-1277712943
VT 6/41 (14.64%)

Code: [Select]

hxxp://postmetoday.ru/admin8sia/datapump.php
IP Location:  United States - ThePlanet.com Internet Services, Inc - THEPLANET-AS2
IP 174.120.169.226
[gator1078.hostgator.com]
AS21844
Registrant: Joel Garcia

Code: [Select]

hxxp://teendx.com/cfg2.binmd5sum ===> 71f5ec16f3ddbd89489136effbb5550e
SHA256 ===>  d9b23e76e72a24647fd6548ca88e5473701218cd6c889c804422375a339d09b8

Code: [Select]

hxxp://teendx.com/bot.exemd5sum ===> d7e2eff1f08983b5a18a95019a68384f
SHA256 ===>  591b0abcfd67bac9993e17b3394e902a413958cee51c908bc5936595cb06e4ed
http://www.virustotal.com/es/analisis/591b0abcfd67bac9993e17b3394e902a413958cee51c908bc5936595cb06e4ed-1277716625
VT 33/40 (82.5%)

Code: [Select]

hxxp://teendx.com/gate.php
IP Location:  China - CHINANET-BJ-METRO BeijingTelecom
IP 121.101.216.205
AS4847
Registrant/Registrant Email: Migdalia Diaz/MillieDiaz4@aol.com

Code: [Select]

hxxp://promo-standart.info/kiker/cfg.binmd5sum ===> a40eb43a6b5fb5482bbcddb28debbc4e
SHA256 ===>  55049575bf6fe4bb9fb49dece4293dcdf5769fb077d2a61eded15d7c38661208

Code: [Select]

hxxp://promo-standart.info/kiker/gate.php
related:

Code: [Select]

www.sinergy-dl.com
www.streetgetthen.net
www.coolparts31.tw/S_main/
www.artfromdown.net
www.lightrootlog.net
www.laveseekk.com

[jackberri]

IP Location:  China - China Telecom JiangXi province - CHINA-TELECOM
IP 59.53.91.121
AS4134
Registrant/Registrant Email: Yulia Degtyar/sweet@5mx.ru

Code: [Select]

hxxp://cutewizard.com/dee/ger.mamd5sum ===> 10d89abfb89d76a0f5a15f96b6a331e7
SHA256 ===>  d7e1d25ca04b3a79c16899595bd4e4bf367ad52eb243263fa91a6b9a8a91bdeb

Code: [Select]

hxxp://cutewizard.com/dee/dee.exemd5sum ===> 732e5ff8d836a86fcd4044ae52c9b85e
SHA256 ===>  0be99b50325e2bb382ec7e19b4f565423efb802f1abb9a47dbed53cd2b4bc969
http://www.virustotal.com/es/analisis/0be99b50325e2bb382ec7e19b4f565423efb802f1abb9a47dbed53cd2b4bc969-1277795973
VT 6/41 (14.64%)
dropzone:
IP Location:  Thailand - TRUEINTERNET-TH - TRUE-AS-AP True Corporation Co.,Ltd
IP 124.122.173.242
[ppp-124-122-173-242.revip2.asianet.co.th]
AS17552
Registrant/Registrant Email: Daria Inozemtseva/order@bigmailbox.ru

Code: [Select]

hxxp://brushcourt.com/ger/gfhsk.php
other malware:

Trojan
IP Location:  United States - BurstNET Technologies
IP 64.191.57.201
[64-191-57-201.hostnoc.net]
AS21788

Code: [Select]

hxxp://wywg.yinlongtrade.com.cn/wywg/mssj/brittle.exemd5sum ===> 3ea4ad5f9c7f03e94741ae6e1b097bef
SHA256 ===>  818ae77ada06bd35ff021e27b79442b60ad3d19151d02e2224ab9ee7df84826f
http://www.virustotal.com/es/analisis/818ae77ada06bd35ff021e27b79442b60ad3d19151d02e2224ab9ee7df84826f-1277733648
VT 7/41 (17.08%)