Tag: Pony

inmrvogurin.ru(Pony Hosted In Macao Macau Alan Hqservers Web Studio)

This guy keeps changing domain names but he uses the same shit.
Resolved : [ inmrvogurin.ru ] To [ ]
URL'S :
hxxp://inmrvogurin.ru/SY/test/gate.php
hxxp://inmrvogurin.ru/SY/test/admin.php
TF letters in red, maybe a tribute to trojanforge.
Sample here : hxxp://inmrvogurin.ru/SY/test/micro.exe
Hosting Infos : http://whois.domaintools.com/

paydbills.ru(Pony Hosted In Macao Macau Alan Hqservers Web Studio)

Resolved : [ paydbills.ru ] To [ ]
Behaviours
1 Attempts to brute force passwords
2 Contains FTP stealing routine
3 Deletes itself
4 Manipulates Internet Explorer settings
5 Runs existing executable
6 Searches for digital certificates
7 Steals data
8 Steals local browser data
9 Suspicious delay
URL'S :
hxxp://paydbills.ru/RF/test/gate.php
hxxp://www.facebook.com/
Sample here

jdsiwiqweiqwyreqwi.com (Kasidet aka Neutrino bot)

Thnx to Xylitol for the name of the bot.
Contacts domains details
"34324325kgkgfkgf.com"
"dsffdsk323721372131.com"
"fdshjfsh324332432.com"
"jdsiwiqweiqwyreqwi.com"
Runs shell commands details
"cmd /c C:\Users\PSPUBWS\AppData\Local\Temp\243765.bat"
"C:\38650f5c2beb183eaaba236d1b576c255a9be49af34db85705bed16d23ea11" on 2015-6-6.13:57:14.679
Dropped files details
"UserInfo.dll" has type "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"