- #MalwareMustDie!! | Sun Nov 4 14:52:22 JST 2012
- *) This is a compilation of overall Pseudorandom / DGA
- Cases of JS/RunforrestRun Infectors Handled by MMD - Overall
- ---------------------------------------------------------------------------
- *) There are three more previous cases left, which are currently being sorted.
- We'll do our best; done compiling the 4 cases below...
- ---------------------------------------------------------------------------
- [1] Update Status of url/domains of DGA / Pseudorandom infectors
- Ref1: http://malwaremustdie.blogspot.jp/2012/10/fuzzy-in-manual-cracking-of.html (Case Details)
- Ref2: http://pastebin.com/raw.php?i=tGiTcJ4H (Infector details)
- Ref3: http://pastebin.com/raw.php?i=vrRq35JF (Current status)
- Result: ACTIVATED
- ---------------------------------------------------------------------------
- [2] Update Status of url/domains of DGA / Pseudorandom infectors
- Ref1: http://malwaremustdie.blogspot.jp/2012/09/malware-hunting-log-jspseudorandom.html (Case Details)
- Ref2: http://pastebin.com/raw.php?i=tGiTcJ4H (Infector details1)
- Ref3: http://pastebin.com/raw.php?i=9zQt23hv (Infector details2)
- Ref4: http://pastebin.com/raw.php?i=AE3a6xpH (Report)
- Result: NOT ACTIVATED
- ---------------------------------------------------------------------------
- [3] Update Status of url/domains of DGA / Pseudorandom infectors
- Ref1: http://pastebin.com/raw.php?i=S0cs87P1 (Case details)
- Ref2: http://pastebin.com/raw.php?i=F05WXQ2Z (Burped Infectors)
- Ref3: http://pastebin.com/raw.php?i=XXtEbTSZ (Report)
- Result: NOT ACTIVATED
- ---------------------------------------------------------------------------
- [4] Update Status of url/domains of DGA / Pseudorandom infectors
- Ref1: http://pastebin.com/raw.php?i=0VM5ycgq (first type of deobfs burped urls)
- Ref2: http://pastebin.com/raw.php?i=xjwM4gfy (second type of deobfs burped urls)
- Ref3: http://pastebin.com/raw.php?i=VvQAk9m1 (Report)
- Result: ACTIVATED
- ---------------------------------------------------------------------------
- [5] Update Status of url/domains of DGA / Pseudorandom infectors, Case JS/PseudoRandom
- Ref1: http://malwaremustdie.blogspot.jp/2012/10/decoding-multilayer-javascript-packed.html
- Ref2: http://pastebin.com/raw.php?i=p6EjiDg7 (Burped Infectors domains)
- Ref3: Same as case [3] http://pastebin.com/raw.php?i=XXtEbTSZ
- Status: NOT ACTIVATED
- Cases [6][7] were actually repetitions of cases [1][2]; no new information available.
- ------
- #MalwareMustDie!!!!!!