- Post-compromise Bedep traffic observed to destination domains bokoretanom()net, op23jhsoaspo()in, koewasoul()com, and dertasolope7com()com.
- Observed referers (forged - machines never actually browsed to the referers): loervites()com, newblackfridayads()com, alkalinerooms()net, new-april-discount()net, violatantati()com, nicedicecools()net, books-origins-dooms()net, adsforbussiness-new()com
- Observed traffic patterns:
- /ads.php?sid=1923
- /advertising.html
- /ads.js
- /media/ads.js
- /r.php?key=a5ec17eed153654469be424b96891e79
- Summary:
- Bedep immediately opens a backdoor on the target machine; it also generates click-fraud traffic, and can be used to load further malware. Bedep was written by the authors of the Angler Exploit Kit, and as such, AnglerEK is the primary distribution method for this malware.
- All observed domains are registered to Sara Marsh (saramarsh29@yahoo.com) and Gennadiy Borisov (yingw90@yahoo.com) through Domain Context. These are certainly fake names and email addresses, but appear to be used often. As such, they are reliable indicators, for the time being, that a domain is malicious.
- Domains registered to these names and/or email addresses include:
- Saramarsh29@yahoo.com:
- Yingw90@yahoo.com:
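As an added example (not part of the original paste), a small Python scanner that applies the destination domains, forged referer domains and URI patterns listed above to proxy log lines in combined-log-with-referer format. The sample log lines are constructed, and generalising the observed sid and key values to any digits / any 32-hex-char key is an assumption.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators transcribed from the paste; the defanged "()" is turned back into "." for matching.
def refang(d: str) -> str:
    return d.replace("()", ".").lower()

BEDEP_C2 = {refang(d) for d in ("bokoretanom()net", "op23jhsoaspo()in", "koewasoul()com", "dertasolope7com()com")}
FORGED_REFERERS = {refang(d) for d in (
    "loervites()com", "newblackfridayads()com", "alkalinerooms()net", "new-april-discount()net",
    "violatantati()com", "nicedicecools()net", "books-origins-dooms()net", "adsforbussiness-new()com")}
# Observed URI patterns; sid and key are generalised (assumption: the observed values are samples).
PATH_RE = re.compile(r"^/(?:ads\.php\?sid=\d+|advertising\.html|ads\.js|media/ads\.js|r\.php\?key=[0-9a-f]{32})$")

# Combined log with referer: client - - [ts] "METHOD URL HTTP/1.x" status bytes "referer" "user-agent"
LINE_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
                     r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()

def classify(line: str) -> Optional[dict]:
    # Returns an alert dict for a line matching Bedep indicators, else None.
    m = LINE_RE.match(line)
    if not m:
        return None
    url = m["url"]
    split = urlsplit(url)
    dst, ref_host = host_of(url), host_of(m["referer"])
    path = split.path + ("?" + split.query if split.query else "")
    reasons = []
    if dst in BEDEP_C2:
        reasons.append("destination is known Bedep domain")
    if ref_host in FORGED_REFERERS:
        reasons.append("forged referer domain")
    if PATH_RE.match(path):
        reasons.append("observed Bedep URI pattern")
    # An ad-like path on its own is weak evidence; require it to coincide with a domain indicator.
    if not reasons or reasons == ["observed Bedep URI pattern"]:
        return None
    return {"client": m["client"], "ts": m["ts"], "dst": dst, "reasons": reasons}

def scan(lines):
    return [a for a in (classify(l) for l in lines) if a]

# Constructed sample proxy log lines (not taken from the paste).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2016:10:00:01 +0000] "GET http://bokoretanom.net/ads.php?sid=1923 HTTP/1.1" 200 512 "http://loervites.com/" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Mar/2016:10:00:02 +0000] "GET http://cdn.example.com/ads.js HTTP/1.1" 200 1024 "http://www.example.com/" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Mar/2016:10:00:03 +0000] "GET http://koewasoul.com/r.php?key=a5ec17eed153654469be424b96891e79 HTTP/1.1" 200 77 "-" "Mozilla/5.0"',
]
```

Running `scan(SAMPLE_LOG)` flags the first and third lines; the benign `/ads.js` fetch from an unrelated CDN is left alone because no domain indicator matches.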