Month: October 2015

qbstdn6k7iivyki2.onion (Lending Ransomware Hosted In France, Roubaix, OVH SAS)

The ransomware is hosted on a Tor hidden service.

Hosting infos (domain and address not preserved in this copy):
Country: France

HTTP Requests:

GET /lending/bot.php?name=4m4qn8F4804DA9-83EC&kod=tFpJtvsF^lUPeqDDzAQnkOeFfH]zSstunSA[dotBceHrJvZpTz&pid=2 HTTP/1.1
Host:
Keep-Alive: 300
Connection: keep-alive
User-Agent: Mozilla/4.0 (compatible; Synapse)

Trojan Downloader Hosted In 66 Different IPs

This sample contains a trojan downloader: hxxp:// (around 1 MB in size).

Hosts List:

Password Stealer Hosted In United States (Provo, Unified Layer)

Maybe a Zeus variant.

Domains:

HTTP Requests:

POST /wp-content/themes/twentyfourteen/css/php/gate.php HTTP/1.0
Host:
Accept: */*
Accept-Encoding: identity, *;q=0
Content-Length: 506
Connection: close
Content-Type: application/octet-stream
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)

GET /wp-admin/css/panel/config.jpg HTTP/1.1
Accept: */*
Connection:

Malware Hosted In Russian Federation (Moscow, Avguro Technologies Ltd. Hosting Service Provider)

Domain Name:

HTTP Requests:

POST /finsess.php HTTP/1.0
Host:
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
Content-Type: application/x-www-form-urlencoded
Content-Length: 26

Data:

1=1882869218&2=&3=&99=15&^

Get sample here: hxxp://

Hosting infos:

Trojan Password Stealer Hosted In Russian Federation (Miragroup Ltd.)

HTTP Requests:

hxxp://
hxxp://
hxxp://

Hosting Infos: