- // #MalwareMustDie! @unixfreaxjp /malware/checkdomains]$ date
- // Thu Apr 25 22:14:39 JST 2013
- // KELIHOS "MOMMA" TROJAN, TANGO-DOWN REPORT
- // CASE: http://malwaremustdie.blogspot.jp/2013/04/kelihos-via-redkit-infection-following.html
- //
- // This is the list of the .RU domains used for
- // downloading the Kelihos "Momma" trojan "newboss*.exe" botnet installer
- // during the malvertisement campaign of the incident in the US
- // (Boston/Waco/etc)
- //
- // These domains are in the #TangoDown process
- // (100% done). Successfully processed domains are listed
- // without parameters (no IPs); ongoing ones are listed with IP addresses.
- // Total Downloader Domains (all are in .RU/noted!): 103 domains
- // MESSAGE: If you see more domains, please pastebin your findings &
- // contact us AFTER checking the list below, to avoid overlap.
- // 1. Shutdown successfully (100% confirmed): 103 domains
- // In process: 0(null) domains:
- ---
- #MalwareMustDie
- Thanks to teamwork: @essachin, @ConradLongMore, @gN3mes1s, @nyxbone, @Set_Abominae
- Special thanks to Cert-GIB for the swift cooperation in dismantling the domains.
- This report is checked & compiled by @unixfreaxjp /malware/checkdomains]$ date
- 1. Wed Apr 24 21:37:46 JST 2013
- 2. Thu Apr 25 22:14:39 JST 2013