MalwareMustDie

#MalwareMustDie! PseudoRND/DGA JS/RunForrest Report Sum.Up

Nov 4th, 2012
#MalwareMustDie!! | Sun Nov 4 14:52:22 JST 2012
*) This is a compilation of overall Pseudorandom / DGA
Cases of JS/RunforrestRun Infectors Handled by MMD - Overall
---------------------------------------------------------------------------
*) There are three more previous cases left which are currently being sorted.
We'll do our best; done compiling the 4 cases below...
---------------------------------------------------------------------------

[1] Update Status of url/domains of DGA / Pseudorandom infectors
Ref1: http://malwaremustdie.blogspot.jp/2012/10/fuzzy-in-manual-cracking-of.html (Case Details)
Ref2: http://pastebin.com/raw.php?i=tGiTcJ4H (Infector details)
Ref3: http://pastebin.com/raw.php?i=vrRq35JF (Current status)
Result: ACTIVATED

---------------------------------------------------------------------------

[2] Update Status of url/domains of DGA / Pseudorandom infectors
Ref1: http://malwaremustdie.blogspot.jp/2012/09/malware-hunting-log-jspseudorandom.html (Case Details)
Ref2: http://pastebin.com/raw.php?i=tGiTcJ4H (Infector details1)
Ref3: http://pastebin.com/raw.php?i=9zQt23hv (Infector details2)
Ref4: http://pastebin.com/raw.php?i=AE3a6xpH (Report)
Result: NOT ACTIVATED

---------------------------------------------------------------------------

[3] Update Status of url/domains of DGA / Pseudorandom infectors
Ref1: http://pastebin.com/raw.php?i=S0cs87P1 (Case details)
Ref2: http://pastebin.com/raw.php?i=F05WXQ2Z (Burped Infectors)
Ref3: http://pastebin.com/raw.php?i=XXtEbTSZ (Report)
Result: NOT ACTIVATED

---------------------------------------------------------------------------

[4] Update Status of url/domains of DGA / Pseudorandom infectors
Ref1: http://pastebin.com/raw.php?i=0VM5ycgq (first type of deobfs burped urls)
Ref2: http://pastebin.com/raw.php?i=xjwM4gfy (second type of deobfs burped urls)
Ref3: http://pastebin.com/raw.php?i=VvQAk9m1 (Report)
Result: ACTIVATED

---------------------------------------------------------------------------

[5] Update Status of url/domains of DGA / Pseudorandom infectors, Case JS/PseudoRandom
Ref1: http://malwaremustdie.blogspot.jp/2012/10/decoding-multilayer-javascript-packed.html
Ref2: http://pastebin.com/raw.php?i=p6EjiDg7 (Burped Infectors domains)
Ref3: Same as case [3] http://pastebin.com/raw.php?i=XXtEbTSZ
Status: NOT ACTIVATED

Cases [6][7] were actually repetitions of cases [1][2]; no new information available.

------
#MalwareMustDie!!!!!!