MalwareMustDie

#MalwareMustDie! #ALERT: Kelihos IP & Domains STILL UP!

Jul 19th, 2013
// Kelihos botnet IP for downloading payload using .RU's DGA domains,
// We reported at http://pastebin.com/zxhk5mKB ,
// Is still up and alive in the wild now!
// The shutdown request was executed but only 4 domains are shut down at this moment.
// The weekend is starting to come so PLEASE BLOCK THESE KELIHOS INFECTOR DOMAINS A.S.A.P.:
// I think our Tango will not make it before weekend.

// PoC of infector domains used is UP AND ALIVE:

@unixfreaxjp /malware/checkdomains]$ date
Fri Jul 19 20:01:00 JST 2013

// These domains are down now...

cibowjuv.ru,,
pedtokid.ru,,
ankoweco.ru,,
uxmadjox.ru,,

----
#MalwareMustDie!
Checked by @unixfreaxjp at:
@unixfreaxjp /malware/checkdomains]$ date
Fri Jul 19 20:13:52 JST 2013