4/01/2014

Trojan BLOGVISITOR from CHINA:
DOMAIN zychina.mobi infected with Trojan.JS.Iframe.fz
IP: 218.104.136.146 from Xiamen, CHINA




CHINESE MALWARE:

DOMAIN:
http://zychina.mobi/
  • https://www.virustotal.com/de/url/b212fd8098e178418e113cb823368b43f133aaac51838ae708dba4a923c41a7b/analysis/1396354754/
Trojan.JS.Iframe.fz
  • https://www.virustotal.com/de/file/49f2b6bf7563ea06b69ee3684c93570a430d18c97faaae60254a60459b798e1d/analysis/1396354981/
VISITING LINK:
http://zychina.mobi/seller/offerdetail/12-97-0-176.html
  • https://www.virustotal.com/de/url/7ebc5b4cbf1444fad375a685d687bdf33da5f77b4822b647f335faccd98770e4/analysis/
Trojan.JS.Iframe.fz
  • https://www.virustotal.com/de/file/3a0a92fc03235935b8403f6ebec3aeb1bc8dedce42b4531f6837856c276f8ab4/analysis/1396355327/


mm.aa88567.cn (Parked Domain)

DOMAIN:
http://mm.aa88567.cn/
  • https://www.virustotal.com/de/url/1e45da7aac14b36d7d105ce784a495150344dfd34da1978ac05606a30ddbc3ae/analysis/1396355633/

REMOTE URL:
http://mm.aa88567.cn/index/mm.js
  • https://www.virustotal.com/de/url/9301134079c20e75b649ea30d29daa465a2e81ead033a5312b394585b7cfd9ef/analysis/1396355646/

IP(s):
1) http://218.104.136.146/
  • https://www.virustotal.com/de/url/b33d2e7b96317081cb01eb03e844dbbc41485ba9eb8a40209d23e36cd060c789/analysis/1396356099/
  • https://www.virustotal.com/de/ip-address/218.104.136.146/information/
81 SPAM Mails sent from this IP:
  • https://www.projecthoneypot.org/ip_218.104.136.146
2) http://50.117.120.253/    (Personal 2nd Appearance)
  • https://www.virustotal.com/de/url/e619b1d78286c0b9cadfbb81b7ad400b5c94c97ada584689925d2ba3805ec165/analysis/1396356347/
  • https://www.virustotal.com/de/ip-address/50.117.120.253/information/
