
2/08/2014

MALICIOUS VISITOR TO THIS BLOG: www.bema.it INFECTED: Trojan-Downloader.JS.Iframe.czo & HEUR:Trojan.Script.Generic (ITALY)



MALICIOUS SITE: EXPLOIT BLACKHOLE (MALICIOUS INJECTION) Trojan-Downloader.JS.Iframe.czo



DOMAIN:
www.bema.it
  • https://www.virustotal.com/de/url/9c313118270d7060f6a88b8d02315e60f6fa366d1e640d01b0154f43f721ab7c/analysis/1391876292/
HTML
  • https://www.virustotal.com/de/file/c48575a72b511e9fc0a7e9e601b33507d08296eadb6efebb18655dc1177de4c1/analysis/

SPECIFIC MALWARE (VISITING) LINK: 
www.bema.it/paesaggigeologici.htm
  • https://www.virustotal.com/de/url/1a3e767c25cb71944b44bf81943c6d839273fdec1f176966f963d0875215e959/analysis/1391876591/

INFECTION:  
Trojan-Downloader.JS.Iframe.czo
  • https://www.virustotal.com/de/file/483e183fedd9db8a7fd74fd979c235c2d0565933534898c55abbfa3e7801b5e7/analysis/1391875774/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/0e3b1abbec7f3d81910ab10ba644d5ba64a1075db3b9a85a7833642913871582/analysis/1391875789/
  • http://jsunpack.jeek.org/?report=8ace5573ffdaf77d5ed6faf5dd6aface337b0387
  • http://wepawet.iseclab.org/view.php?hash=a4bbe339803250d0b1a917575df82c92&t=1391875552&type=js
  • https://urlquery.net/report.php?id=9316907

---> REMOTE
miamiheattickets.com/http.php
  • https://www.virustotal.com/de/url/0bbe620806942d74fb1ede783f53c0f29151485340a3687deec3bdb8689900d8/analysis/1391877039/
--->
www.bema.it/bema_internet.css
  • https://www.virustotal.com/de/url/28a06f8a729f620fc4fb8c3b3aa47c3f2a66b5b9e7fba3578075c5f187218d58/analysis/1391877125/
  • https://www.virustotal.com/de/file/805730a9867637233a0e88034a7160ceebb1232bec363db7d057455dc4e8243c/analysis/1352190357/


OTHER MALWARE LINKS FROM THIS DOMAIN:
1) www.bema.it/opere/pg_1.htm
  • https://www.virustotal.com/de/url/52200c7f623b60c44c2256c70bc3041a0f7efbf825c1e0067565fd8dfd3dfd37/analysis/1391877987/
INFECTION: 
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/a4e9035cacdfbfcb1b28cfb2ebedccc0901dbc4c82173a388648d43a7d82b88f/analysis/1391877891/
--->
moreclosings.com
  • https://www.virustotal.com/de/url/cb65fb78eb9f34870ab0c33b3fd7b48e9163f72d6d9b29ee9320e97dcb6d69f4/analysis/1391878110/
moreclosings.com/showthread.php?sid=193854
  • https://www.virustotal.com/de/url/97d8c820291908356fa32a0b17c1d0eb4bc54e40e4ef64c9a2e72dfd8469a30b/analysis/
  • https://urlquery.net/report.php?id=9317125
2) www.bema.it/artigrafiche.htm
  • https://www.virustotal.com/de/url/d2fba275794bdef2a814e05cf08b9439daa40293e332fa100bde91327b470231/analysis/1391878663/
INFECTION:  
Trojan-Downloader.JS.Iframe.czo
  • https://www.virustotal.com/de/file/3fa71c9f13947e2c60e52843932f59dddcc8e2d424a6f106717f5632e4533dcd/analysis/1391878603/
  • https://urlquery.net/report.php?id=9317122
3) www.bema.it/impianti.htm
  • https://www.virustotal.com/de/url/17a7d8f57f4c1f929637dea43d3cf7332442a484bb2f89ecca2afb9bf4a9dd1c/analysis/
INFECTION:  
Trojan-Downloader.JS.Iframe.czo
  • https://www.virustotal.com/de/file/fc694a8433ca74015e3badf6ecd4d00b18f93ddfaa30121a21b6405658a97928/analysis/1391878854/
  • https://urlquery.net/report.php?id=9317119

