5/08/2014

ANGLER EXPLOIT KIT (& HEUR:Trojan.Script.Generic)
Newly Detected Malicious DOMAINS from FRANCE:
black-salope.photos-films-x.com
www.photosx-videosx.com
belles-noires.photosx-videosx.com

IPs: 23.239.17.30 & 194.150.236.81



FRENCH MALWARE DOMAIN(s): 
LINKS TO INFECTED DOMAINS (HEUR:Trojan.Script.Generic / ANGLER EXPLOIT KIT)

SITE:
http://black-salope.photos-films-x.com/
  • https://www.virustotal.com/de/url/afd7b2909fd81c0403dcd2d7751966ce255d6011b4217b857f102f0bd02b1d7d/analysis/1399550506/
SPECIFIC MALICIOUS URL:
http://black-salope.photos-films-x.com/black-salopes.html
  • https://www.virustotal.com/de/url/dd6f70d37f067050a8e9e7c9a902ed98e18697b125206252d2f9ab8ee4e44e80/analysis/1399550918/
  • http://quttera.com/detailed_report/www.photosx-videosx.com
INFECTED LINKS FOUND HERE:

1)
http://www.photosx-videosx.com/
  • https://www.virustotal.com/de/url/304eacef10ded96e02de6a8c7377facaf6fe00fa0f7abfb4916e509406caa0b0/analysis/1399551145/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/8eb3907b32e45e38453b56a05aed6b0132f31e7db511e14da383c2e0821b55ea/analysis/1399551334/
  • Malicious iframe injection
  • Angler exploit kit URL pattern
  • https://urlquery.net/report.php?id=1399551228285
--->
http://promo.vador.com/js/tc_loader.js
  • https://www.virustotal.com/de/url/8cc9be1632fafa63070ba909501c2c1253363913f508c68ca851e53d3e997082/analysis/1399553305/
  • https://www.virustotal.com/de/file/017051c711d3cd4e1dfdfba7976237e86bcbf1841b8c4e96627c929403ea9a20/analysis/1397006857/
---->

DOMAIN:
http://consciousnesszone.com/
  • https://www.virustotal.com/de/url/ac7d259785dcda43ec1ec46b60d5be4f6850e7f516a35007fff1a3c34df8daee/analysis/1399553019/
  • http://sitecheck.sucuri.net/results/consciousnesszone.com
MALICIOUS URL (DOCWRITE)
http://consciousnesszone.com/wp-content/plugins/InstaBuilder/zE1ZWXxV.php?id=1707269
  • https://www.virustotal.com/de/url/e389ae2a547adde57bd8665fd45aa84307e994f550e08c11e2b3b125cdef3ee4/analysis/1399552408/
DOMAIN:
http://socialmediahelpforbusinesses.com/

  • https://www.virustotal.com/de/url/bb5f27c3c682dcde39769b673429d69f6ba7bb293824ffa555807aaafa16ee25/analysis/1399552046/
EXPLOIT URL (the path is randomly generated; in this case):
http://socialmediahelpforbusinesses.com/o5a8oheam8
  • https://www.virustotal.com/de/url/98ba770ce401bfc84286efaed8dd08e614c1c8f74198fb2f429bb91ebf6fed55/analysis/1399552020/
EXPLOIT ANGLER
  • https://www.virustotal.com/de/file/59831c7074ce6fb3cad1c442da9d8f943340909375e156ce988d3b6a5cbf86ee/analysis/1399551862/
---------------------------------------------------

2) SAME FOR
http://belles-noires.photosx-videosx.com/
  • https://www.virustotal.com/de/url/356c31acbf7f736f50a26783583632d2754b8a0094339ed70d4c1703d941f164/analysis/1399553987/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/37ccdabc9e5d4dc17f00af44f311417577ab1dfe884634e663ae15184e37de0e/analysis/1399554228/
  • http://urlquery.net/report.php?id=1399554055463
---------------------------------------------------
IPs:

1)
http://194.150.236.81/
  • https://www.virustotal.com/de/url/090783f03563157938a2c276a895517863727923085fe8723335e188fbe0efd3/analysis/1399554601/
  • https://www.virustotal.com/de/ip-address/194.150.236.81/information/
2)
http://23.239.17.30/
  • https://www.virustotal.com/de/url/698f78c8e171958c4fe2e9090202804a5ec63d5b1a03bb31abae5094a7bef84c/analysis/1399554712/
