#MalwareMustDie! #ALERT: Kelihos IP & Domains STILL UP!

MalwareMustDie Jul 19th, 2013 234 Never
// Kelihos botnet IP for downloading payload using .RU's DGA domains,
// We reported at http://pastebin.com/zxhk5mKB ,
// Is still up and alive in the wild now!
// The shutdown request was executed but only 4 domains are shut down at this moment.
// The weekend is starting to come so PLEASE BLOCK THESE KELIHOS INFECTOR DOMAINS A.S.A.P.:
// I think our Tango will not make it before the weekend.

// PoC of infector domains used is UP AND ALIVE:

@unixfreaxjp /malware/checkdomains]$ date
Fri Jul 19 20:01:00 JST 2013

// These domains are down now...

cibowjuv.ru,,
pedtokid.ru,,
ankoweco.ru,,
uxmadjox.ru,,

----
#MalwareMustDie!
Checked by @unixfreaxjp at:
@unixfreaxjp /malware/checkdomains]$ date
Fri Jul 19 20:13:52 JST 2013