- @Set_Abominae
- Changes in URLs related to Neutrino Exploit kit, first observed 2013.11.01
- --------------------------------------------------------------------------
- Previously, Neutrino EK used a predefined char for each of the different stages of an exploit; now it seems to be more random / changing more often (every hour?)
- Before:
- Landing <domain>:8000/o...
- Profile POST <domain>:8000/y... /i...
- Java exploit <domain>:8000/b...
- Payload: <domain>:8000/v...
- Some observed landing URLs today:
- maeba9g.wildwebsites.org:8000/krnqewdi?hkmmxcb=4038276
- iqu6bee.wildwebsites.org:8000/hdxvxhipon?iqmfpos=1307818
- ume6chi.wildwebsites.org:8000/fsbnlwbt?hylyxdmvnon=1256450
- dai8oot.wildwebsites.org:8000/hkihltgynxhijx?ijrqqp=3251988
- eanga2g.wildwebsites.org:8000/awfdheoun?yuoophru=1307818
- vie2che.wildwebsites.org:8000/dumumby?sycriqepetq=1307818
- Example of an exploit chain:
- Landing: http://iqu6bee.wildwebsites.org:8000/hdxvxhipon?iqmfpos=1307818
- Profile POST http://iqu6bee.wildwebsites.org:8000/sqkxzhlejv and http://iqu6bee.wildwebsites.org:8000/bixoeckkuk
- Java exploit: http://iqu6bee.wildwebsites.org:8000/yqmhl?ahloua=iemzwmkotwc
- Payload: http://iqu6bee.wildwebsites.org:8000/txwqhmqapojo?alkacbmwb=iemzwmkotwc
- Got more info? Please DM me on Twitter.
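
A detection sketch for the new URL shape, added here as an example and not part of the original paste: it classifies proxy-log requests by the pattern visible in the URLs above (port 8000, lowercase-only path, single query parameter) and only flags a host when a landing hit is followed by another stage. The regex bounds, the stage names and the two benign log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Shapes inferred from the URLs in the paste (assumption: lowercase-only
# names and these value types hold beyond the listed samples).
PATH_RE = re.compile(r"^/[a-z]{4,20}$")
KEY_RE = re.compile(r"^[a-z]{4,20}$")

def classify(method, url):
    """Return a stage guess for one request, or None if it does not fit."""
    u = urlsplit(url)
    if u.port != 8000 or not PATH_RE.match(u.path):
        return None
    params = parse_qsl(u.query)
    if not params:
        # Profile requests in the sample chain are POSTs without a query.
        return "profile_post" if method == "POST" else None
    if len(params) != 1 or not KEY_RE.match(params[0][0]):
        return None
    value = params[0][1]
    if value.isdigit():
        return "landing"             # e.g. ?iqmfpos=1307818
    if value.isalpha() and value.islower():
        return "exploit_or_payload"  # e.g. ?ahloua=iemzwmkotwc
    return None

def find_chains(requests):
    """Flag hosts that show a landing hit plus at least one other stage."""
    stages = {}
    for method, url in requests:
        stage = classify(method, url)
        if stage:
            stages.setdefault(urlsplit(url).hostname, []).append(stage)
    # A lone landing-shaped URL is common on benign sites, so require a chain.
    return {h: s for h, s in stages.items()
            if "landing" in s and len(set(s)) > 1}

# Chain URLs are the ones from the paste; the last two lines are constructed.
SAMPLE = [
    ("GET", "http://iqu6bee.wildwebsites.org:8000/hdxvxhipon?iqmfpos=1307818"),
    ("POST", "http://iqu6bee.wildwebsites.org:8000/sqkxzhlejv"),
    ("POST", "http://iqu6bee.wildwebsites.org:8000/bixoeckkuk"),
    ("GET", "http://iqu6bee.wildwebsites.org:8000/yqmhl?ahloua=iemzwmkotwc"),
    ("GET", "http://iqu6bee.wildwebsites.org:8000/txwqhmqapojo?alkacbmwb=iemzwmkotwc"),
    ("GET", "http://intranet.example:8000/status?id=42"),
    ("GET", "http://dev.example:8000/search?query=12345"),
]

if __name__ == "__main__":
    print(find_chains(SAMPLE))
```

The `dev.example` line matches the landing shape on its own, which is why `find_chains` requires a second stage on the same host before reporting it.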