Tag: smokeloader

bookwormsbiorhythm.top (Smoke Loader + TeamViewer RAT)

Smoke Loader is being used here to install a TeamViewer-based RAT (version 4.34, about 2 MB of executable).

Domains:
bookwormsbiorhythm.top
charlesadvanced.top

IPs:

Samples:
hxxp://
hxxp://
hxxp://
hxxp://theplatonicsolid.com/cftmon.exe
hxxp://memorywedge.net/11/cftmon.exe
hxxp://memorywedge.net/11/1.zip : the whole archive (shells, emailer, samples), his Gmail address too.

This guy looks like a big Russian hacker.

frineon.su (Smoke Loader hosted by fast-flux botnet)

Server: frineon.su
Gate file: /forum/index.php

Hosting info: no fixed hosting provider here; the name answers with eight A records on a 150-second TTL, which is the fast-flux pattern (many rotating hosts, short TTL so victims re-resolve constantly):

;; QUESTION SECTION:
;frineon.su. IN A

;; ANSWER SECTION:
frineon.su. 150 IN A
frineon.su. 150 IN A
frineon.su. 150 IN A
frineon.su. 150 IN A
frineon.su. 150 IN A
frineon.su. 150 IN A
frineon.su. 150 IN A
frineon.su. 150 IN A
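The eight-record, 150-second-TTL answer above is what fast flux looks like from the resolver side. As an added example (not code from the original post), the script below parses a dig-style answer section and applies a simple fast-flux heuristic: short TTL, many distinct A records, spread over several unrelated /24s. The resolver output, the label c2.example and the thresholds are all constructed or assumed; the addresses are RFC 5737 documentation ranges, not the real frineon.su addresses, which are not reproduced on this page.

```python
"""Fast-flux check over a dig-style ANSWER SECTION.

Added example, not code from the original post. The resolver output and the
thresholds below are constructed/assumed; the addresses are RFC 5737
documentation ranges, not the real frineon.su addresses.
"""
import ipaddress
import re
from collections import namedtuple

Record = namedtuple("Record", "name ttl rtype rdata")

# dig prints one resource record per line: NAME  TTL  CLASS  TYPE  RDATA.
# Only single-token RDATA (A, AAAA, NS, CNAME) is handled; TXT/SOA lines are skipped.
_RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")


def parse_answer_section(text):
    """Return the resource records listed under ';; ANSWER SECTION:' in dig output."""
    records = []
    in_answer = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";;"):  # any other ';;' header closes the answer section
            in_answer = False
            continue
        if not in_answer or not line:
            continue
        m = _RR_RE.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append(Record(name, int(ttl), rtype, rdata))
    return records


def fastflux_score(records, max_ttl=300, min_addrs=5, min_nets=3):
    """Apply a simple fast-flux heuristic to the A records.

    A fast-flux name rotates many compromised hosts behind one label: many
    distinct A records, spread over unrelated /24s, with a short TTL so that
    victims re-resolve often. Thresholds are assumptions, not a standard.
    """
    a_records = [r for r in records if r.rtype == "A"]
    addrs = {ipaddress.ip_address(r.rdata) for r in a_records}
    nets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addrs}
    min_ttl = min((r.ttl for r in a_records), default=None)
    flagged = (
        min_ttl is not None
        and min_ttl <= max_ttl
        and len(addrs) >= min_addrs
        and len(nets) >= min_nets
    )
    return {
        "addresses": len(addrs),
        "slash24s": len(nets),
        "min_ttl": min_ttl,
        "fastflux": bool(flagged),
    }


def analyse(dig_output):
    """Parse dig output and score it in one call."""
    return fastflux_score(parse_answer_section(dig_output))


# Constructed resolver output shaped like the frineon.su answer above
# (eight A records, TTL 150) but with documentation addresses.
SAMPLE_FLUX = """
;; QUESTION SECTION:
;c2.example.              IN      A

;; ANSWER SECTION:
c2.example.        150    IN      A       192.0.2.10
c2.example.        150    IN      A       192.0.2.77
c2.example.        150    IN      A       198.51.100.5
c2.example.        150    IN      A       198.51.100.200
c2.example.        150    IN      A       203.0.113.9
c2.example.        150    IN      A       203.0.113.140
c2.example.        150    IN      A       192.0.2.250
c2.example.        150    IN      A       198.51.100.33

;; Query time: 41 msec
"""

# Constructed output for an ordinary single-host site with a long TTL.
SAMPLE_STATIC = """
;; ANSWER SECTION:
www.example.       3600   IN      A       192.0.2.1
"""

if __name__ == "__main__":
    print("flux  :", analyse(SAMPLE_FLUX))
    print("static:", analyse(SAMPLE_STATIC))
```

Caveat for anyone putting this into a pipeline: CDNs and large load-balanced sites also return several short-TTL A records, so the /24 spread alone is a weak signal. Corroborate with ASN diversity across the answers, answer churn over repeated queries, and whether the addresses sit in residential ranges (as with the home cable IP further down this page) before calling a name fast flux.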

predhost.in (Smoke Loader hosted by Digitalocean.com)

Resolved predhost.in to
Server: predhost.in
Gate file: /sm/index.php

Logging into hxxp://predhost.in/sm/guest.php with guest:guest works. Anyone want to test if the SQLi got fixed?

Hosting infos: http://whois.domaintools.com/

Related md5s (search on malwr.com to download samples):
Smokeloader: 4c438005e17b968813f3df1fb2e15f4a

(Citadel banking malware hosted by home ip?)

Server:
Config file: /hide/1355/file.php
Gate file: /hide/1355/enter.php

According to whois, this is a home cable internet IP (United States, Concord, Astound Broadband).

Also on the server, Smoke Loader and Pony:

Smoke Server:
Gate file: /smokeldr/index.php

Pony Server:
Gate file: /js/gate.php

The moron running this has Pony downloading itself, creating a continuous

aeonhf.net (Smoke Loader HTTP botnet proxied by Cloudflare)

Resolved aeonhf.net to (Cloudflare IPs)
Server: aeonhf.net
Alternate domain: aminserve.info (currently has non-responsive nameservers)
Gate file: /admin/index.php

This is the latest skid who uses Cloudflare to help host his botnet. Maybe this time they'll do something about it?

Hosting infos: ecatel.info

Edit: CloudFlare received your abuse report dated February 24, 2013 regarding: aeonhf.net

imageshoster.ru (Smoke Loader HTTP botnet hosted by santrex.net)

Resolved imageshoster.ru to
Server: imageshoster.ru
Gate file: /pics/index.php

This is the new Smoke Loader domain of the beerpigfarm.ru installs guy. His previous domain adzu324nbasmdaoias.su is currently hosted on the same server.

Sample: hxxp://

Hosting infos: http://whois.domaintools.com/

sharesend.info (Smoke Loader HTTP botnet hosted by voxility.net)

Resolved sharesend.info to
Server: sharesend.info
Gate file: /admin/index.php

A pity the guest.php credentials have been changed from the default, or fun could have been had. Download the panel from here if you want it: hxxp://sharesend.info/admin/admin.zip

Hosting infos: http://whois.domaintools.com/