- Wed, Feb 5th, 2014
- #DhiaLite - New suspicious .pl subdomain oglo.bandycituska.pl appeared today, Feb 5th, with a spike in traffic. It first resolved to 188.40.65.209 and currently resolves to 88.198.203.229.
- Its nameservers, ns1.sysplex.pl and ns2.sysplex.pl, are hosted on 188.40.65.209.
- 188.40.65.209 has been flagged by VirusTotal (VT) since Jan 26th for hosting Virut CnC domains.
- https://www.virustotal.com/en/ip-address/188.40.65.209/information/
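The infrastructure pivot behind the observations above (a name resolving to the IP, the zone's nameservers sitting on the same IP, and that IP already flagged), as an added Python example that is not part of the original paste. The passive-DNS records are constructed from the note's values plus made-up benign entries, and `suspicious_names` is a hypothetical helper, not a real tool.

```python
"""Infrastructure pivot from the note above: given a passive-DNS snapshot and an
IP already flagged for hosting Virut CnC domains, list every name that resolves
to the IP and every zone (and subdomain) whose nameservers resolve to it."""
from collections import defaultdict

FLAGGED_IP = "188.40.65.209"  # the IP the note reports as flagged by VT

# Constructed passive-DNS snapshot as (name, rrtype, rdata). The first seven
# records mirror the note's observations; the *.example records are made-up
# benign entries that must not be flagged.
PDNS = [
    ("oglo.bandycituska.pl", "A", "88.198.203.229"),  # current resolution
    ("oglo.bandycituska.pl", "A", "188.40.65.209"),   # earlier resolution
    ("bandycituska.pl", "NS", "ns1.sysplex.pl"),
    ("bandycituska.pl", "NS", "ns2.sysplex.pl"),
    ("ns1.sysplex.pl", "A", "188.40.65.209"),
    ("ns2.sysplex.pl", "A", "188.40.65.209"),
    ("u0a.cing.pl", "A", "188.40.65.209"),
    ("benign.example", "A", "203.0.113.10"),
    ("benign.example", "NS", "ns.benign.example"),
    ("ns.benign.example", "A", "203.0.113.53"),
]

def suspicious_names(pdns, flagged_ip):
    """Map each name tied to flagged_ip to its reasons: a direct A record
    (at any time in the snapshot) or membership in a zone whose NS hosts
    resolve to flagged_ip."""
    a_records = defaultdict(set)   # name -> every IP observed for it
    ns_records = defaultdict(set)  # zone -> its nameserver names
    for name, rrtype, rdata in pdns:
        if rrtype == "A":
            a_records[name].add(rdata)
        elif rrtype == "NS":
            ns_records[name].add(rdata)
    direct = {n for n, ips in a_records.items() if flagged_ip in ips}
    bad_zones = {z for z, servers in ns_records.items() if servers & direct}
    reasons = defaultdict(list)
    for name in direct:
        reasons[name].append(f"resolves to {flagged_ip}")
    for name in set(a_records) | set(ns_records):
        for zone in sorted(bad_zones):
            if name == zone or name.endswith("." + zone):
                reasons[name].append(f"zone {zone} uses nameservers on {flagged_ip}")
    return dict(reasons)

if __name__ == "__main__":
    for name, why in sorted(suspicious_names(PDNS, FLAGGED_IP).items()):
        print(f"{name}: {'; '.join(why)}")
```

Note that the earlier A record still ties oglo.bandycituska.pl to the flagged IP even though it has since moved, which is why the pivot keeps history rather than only the current answer.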
- #Sample domains on 188.40.65.209
- Of the domains hosted on 188.40.65.209, the following are Virut CnC domains:
- u0a.cing.pl
- tsm.lefi.pl
- sp.iqchk.pl
- sg.kerta.pl
- ps.indab.pl
- in.kolso.pl
- hus.limp.pl
- c7.polgo.pl
- Reports about the CnCs
- https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Virus:Win32/Virut.gen!AO#tab=2
- http://www.threatexpert.com/report.aspx?md5=609ec646ed46ff0a59afb8b6251ad4af
- http://www.threatexpert.com/report.aspx?md5=c8138ce6d2ae2c7ae14c1cde46fc8499
- Some of the VT reports for samples communicating with the CnCs