NEW MALWARE CODE:
Trojan-Clicker.HTML.IFrame.api & Trojan.JS.Agent.cfe & Trojan.JS.Agent.cff & Trojan.JS.Agent.cfg
found on
iprostate.org (FRANCE) & 89.161.179.50 (POLAND) & aixuaxoh.corpellis.com (FRANCE)
MALICIOUS DOMAIN INFECTED:
iprostate.org
https://www.virustotal.com/de/url/60a26b91beaa3f637236fd90c0337dbbbbca80eeef890fe65ccf4e08d1e47dcf/analysis/1390565063/
NEW MALICIOUS CODE: Trojan-Clicker.HTML.IFrame.api
https://www.virustotal.com/de/file/e985726550f1e3d0e509d7b137b0fb8e638e0206be3dac95aa3374b68b75f9c4/analysis/1390565399/
http://wepawet.iseclab.org/view.php?hash=95b6d14c905bb68bb00acc216aeee6ea&t=1390565037&type=js
http://jsunpack.jeek.org/?report=544ce445dec7f573fde5dbae940cf8e1a877d501
http://www.urlvoid.com/scan/iprostate.org/
--->
DOMAIN: (POLAND)
89.161.179.50
https://www.virustotal.com/de/url/3eb048bbc38acf47bc1fc56d6ba0bca27af49befb9501ba7e6217f1fd1f855a8/analysis/1390566648/
INFECTED WITH: JS:Includer-APY [Trj] & Trojan.JS.Blacole.Gen
https://www.virustotal.com/de/file/e7b478aeb97b77d2b7603ec9b3c01a67c9283b5773dc220fa181aec6b106502c/analysis/1390566981/
http://urlquery.net/report.php?id=8956027
http://wepawet.iseclab.org/view.php?hash=71f5f7a455f222fa3632d2fa5513d733&t=1390567166&type=js
http://jsunpack.jeek.org/?report=d0d24f41d2763479e8bdd80e573321b1495b3ee5
89.161.179.50/AC_RunActiveContent.js
https://www.virustotal.com/de/url/46559ae6b42b98f6a5636e639f20cf218a21dbe4e74bde08627368d5e4004efa/analysis/1390567518/
NEW MALICIOUS CODE: Trojan.JS.Agent.cfg
https://www.virustotal.com/de/file/8dd5ca26ad29dbb78104867199d67d6cf93115b3af206c434470d8f896c6df6b/analysis/1390567519/
SPECIFIC REMOTE LINK:
89.161.179.50/pub/MQZ11znP.php?id=27367098
https://www.virustotal.com/de/url/db69ece38e9a7d922b2fc7f4363d7c763e1f7393e7f60aeb049334e56b25324d/analysis/1390565939/
NEW MALICIOUS CODE: Trojan.JS.Agent.cfe
--->
DOMAIN:
aahaimie.corpellis.com
https://www.virustotal.com/de/url/74b62220ddfd4194ec8353076c5a47dc6d75169cee68a0b1b04183042ea90971/analysis/1390566439/
SPECIFIC REMOTE LINK:
aahaimie.corpellis.com:8000/kbgvqiqyg?bwiossxvihjt=6621548
https://www.virustotal.com/de/url/716660bdafda01452ff3383dc54d57578b33620ce3f2b60c5a04b085262aa26b/analysis/
NEW MALICIOUS CODE:
https://www.virustotal.com/de/file/e7b478aeb97b77d2b7603ec9b3c01a67c9283b5773dc220fa181aec6b106502c/analysis/
--->
DOMAIN: (UKRAINE)
91.217.91.104
https://www.virustotal.com/de/url/600b14a0354cde620db64861fd6865d7395f8e3cbb744240c842ab09f01fb577/analysis/1390568047/
91.217.91.104//?id=1&se_referer=&charset=utf-8
https://www.virustotal.com/de/url/b1edaeb1d47b89d2747466822d49aba12752e79a004de1643bca1f70d03f7584/analysis/1390568170/
-----------------------------------------------------------------------------------
OTHER DOMAINS INVOLVED
1) DOMAIN: (U.S.)
akmc-engg.com
https://www.virustotal.com/de/url/704c9b0de1bad345c1af1094c1f130a9e3af891aeb5e01aca4634e189ad2cb7f/analysis/1390568688/
SPECIFIC LINK:
akmc-engg.com/cO5hpbRz.php?id=27367098
https://www.virustotal.com/de/url/15901dee78bb8e1a89187df6e9482f84379cea7ba8f78d2fbb79755058286f19/analysis/1390568698/
https://www.virustotal.com/de/file/afee46604646db0e32c46dd0f423e1da7c2f9d2a2be31990ab287585f825ba83/analysis/1390566117/
-----------------------------------------------------------------------------------
2) DOMAIN: (U.S.)
karocchio.eu
https://www.virustotal.com/de/url/fff4fdeb39bb94d2696dc08f21a116135f90045b60a1c634c48d6f75a9efc81d/analysis/1390569353/
-----------------------------------------------------------------------------------(ICELAND)
https://www.virustotal.com/de/url/315bdb1eaf95fcaeb3bf417a5185a4b1b7a69c888a133707df227201cd8c7921/analysis/1390569679/
Dynamic DNS URL
http://urlquery.net/report.php?id=8956217
http://www.urlvoid.com/scan/bobomo.mynumber.org/
-----------------------------------------------------------------------------------
4) DOMAIN: (INDONESIA)
inez.co.id
https://www.virustotal.com/de/url/a3a8f91034a79665ee1a2c92c8a7d4dcb8536440f4acf9472c2a6650046c4445/analysis/1390570093/
https://www.virustotal.com/de/file/7212d36a24d79b733ee726e38c0db6734e4a55b290a2680504de57683ed49a07/analysis/1390570210/
http://www.urlvoid.com/scan/inez.co.id/
SPECIFIC LINK (INFECTED):
inez.co.id/edocus/tSB0NuE7.php?id=19034511
https://www.virustotal.com/de/url/17b184b7e0f250eda98b7314b3e2316a6540701029647b3814705fddbbde9c57/analysis/1390570447/
INFECTED WITH: HEUR:Trojan.Script.Generic
https://www.virustotal.com/de/file/521de2e5d3c5140f17a06400840f7002bd2ec33f6e085171fc3df768efb4413f/analysis/1390570748/
https://www.virustotal.com/de/file/b671d0390dcde53d9b0fd1e0bd3a8b145409e57f58b00bc47d11c449037a7468/analysis/1390570733/
http://jsunpack.jeek.org/?report=d9152fba62fa51859e1955854a0a447e785e73c0
-----------------------------------------------------------------------------------
5) DOMAIN: (FRANCE) Dynamic DNS URL
www.urofrance.org
https://www.virustotal.com/de/url/ad735bc21d8858b255a8688cd78c3d04ee7ccf483dfea7e0147a5b92915774f5/analysis/1390571126/
www.urofrance.org/congres-et-formations/calendrier.html
https://www.virustotal.com/de/url/de91fb23ff3add27e1b0b61c9e6a57043ffe33c927a4bd40201ed79e2ac0f03b/analysis/1390571128/
Dynamic DNS URL
http://urlquery.net/report.php?id=8956326
-----------------------------------------------------------------------------------
6) DOMAIN: (SWITZERLAND)
www.healthonnet.org
https://www.virustotal.com/de/url/ffe8ada5a6b6a7eca744223b20087bebb2fe5339ef3b9f983f2e38b62056dada/analysis/1390572210/
http://quttera.com/detailed_report/www.healthonnet.org
----------------------------------------------------------------------------------- 7) DOMAIN: (FRANCE) - LINK TO iprostate.org found
www.spdesigner1.com
https://www.virustotal.com/de/url/aabf7f0ce3e2507fe39cf3a2d7c1488ec96e81bbec5899771bad3944845639e9/analysis/1390573845/
www.spdesigner1.com/js/carouFredSel.js
https://www.virustotal.com/de/url/87ff75c131dd793787cc905b4c86b65fa62cea025f29ce837efc9863bf003919/analysis/1390574236/
PUA
https://www.virustotal.com/de/file/babe4ebb46ac2dbe59de631e65409bd31133a3c48b0e3069d8543aed9af13f98/analysis/1386751724/
LINK FOUND TO: iprostate.org
http://www.UnmaskParasites.com/security-report/?page=www.spdesigner1.com
Keine Kommentare:
Kommentar veröffentlichen