Sug4r

havex-rat

Mar 10th, 2014
Hello, you can find below some "HAVEX-RAT" C&C:
------------------------------------------------------------------------------------
Source: Russia
Target: Energy sector
Infection vector: Water-holes (based on multiple Java CVE)
Detection: A file (TMPprovider*.dll) is dropped inside "ProgramData" directory
------------------------------------------------------------------------------------

If you need, you can find further information here:
"http://www.crowdstrike.com/sites/all/themes/crowdstrike2/css/imgs/platform/CrowdStrike_Global_Threat_Report_2013.pdf"

Anyway, Google is your friend... [or not? ;) ]

Sug4r
LAST UPDATE:20140310