=========================================================
#MalwareMustDie! BLOCK THESE URL AND 178.63.214.21 ASAP!!
@unixfreaxjp Thu Feb 7 04:37:01 2013
Blackhole "/closest/" version
Multiple Landing Page, multiple Payload per landing page
At IP: 178.63.214.21 (Dynamic Addr)
---------------------------------------------------------------------------------
ASN   | Prefix         | ASName  | CN | Domain         | ISP of an IP Address
---------------------------------------------------------------------------------
24940 | 178.63.0.0/16  | HETZNER | DE | YOUR-SERVER.DE | JUST HOSTING

MO: changes of the domain infector, i.e.:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
44edkjhgc.mymom.info
4wjgiwgjw.mymom.info
4drguvub.mywww.biz
5uwdfhwui.mywww.biz
4tyuijhbnm.mywww.biz
5jijefijdjw.mywww.biz
===========================================================
1. http://178.63.214.21/closest/black_dragon.php
2. http://178.63.214.21/closest/984y3fh8u3hfu3jcihei.php
3. http://178.63.214.21/closest/98yf8913fjipgjialhg8239jgighnjh4i6k5o.php
4. http://178.63.214.21/closest/209tuj2dsljdglsgjwrigslgkjskga.php
5. http://178.63.214.21/closest/98y7y432ufh49gj23sldkkqowpsskfnv.php
6. http://178.63.214.21/closest/209tuj2dsljdglsgjwrigslgkjskga.php

landing page1: http://178.63.214.21/closest/black_dragon.php --> Cridex (27/45)
jar1:    https://www.virustotal.com/file/32023c224aa49ad4187f610e09cb65a1c99bc11ea11c944a39cf4ff2f1f4b5e8/analysis/1360240607/
jar2:    https://www.virustotal.com/file/e22a7a11dfb2ac17de9f590f9a5f5f1f17afea5a46d9d61cef689bdd131df800/analysis/1360240617/
pdf1:    https://www.virustotal.com/file/bf74ba6d5bf1ea4a16d6a11a2819667ede24baacfe7c04525a8f1baa643c911c/analysis/1360240743/
pdf2:    https://www.virustotal.com/file/6357a00c86c9b36f15766e31c4c4f5cbb7385167fbfb766dd1188cb758c6c9c0/analysis/1360240751/
Payload: https://www.virustotal.com/file/7876ab47a6ef51ef87545a2634528cf0d887d62f97675c97d74175714fc975ae/analysis/1360238712/

landing page2: http://178.63.214.21/closest/984y3fh8u3hfu3jcihei.php --> Trojan Dropper DLL (run w/rundll32.exe)
pdf1:    https://www.virustotal.com/file/f7c54a821afec66e89d598e767d93b86a09f2332f8245babbfdc0c7d2cef4a8d/analysis/1360243427/
pdf2:    https://www.virustotal.com/file/5516d2525c0c5bf45625d1309d97a77df547a48d3517b5502e93c96c19158c80/analysis/1360243440/
jar1:    https://www.virustotal.com/file/32023c224aa49ad4187f610e09cb65a1c99bc11ea11c944a39cf4ff2f1f4b5e8/analysis/
jar2:    https://www.virustotal.com/file/e22a7a11dfb2ac17de9f590f9a5f5f1f17afea5a46d9d61cef689bdd131df800/analysis/
Payload: https://www.virustotal.com/file/38a4e42d8a1de1c666d3672173862eab246193e7ab800a58883a23a49bd5ef31/analysis/

The landing pages below were also loaded and weaponized:
^^^^^^^^^^^^^^^^^^^
http://178.63.214.21/closest/98yf8913fjipgjialhg8239jgighnjh4i6k5o.php
http://178.63.214.21/closest/209tuj2dsljdglsgjwrigslgkjskga.php
http://178.63.214.21/closest/98y7y432ufh49gj23sldkkqowpsskfnv.php
http://178.63.214.21/closest/209tuj2dsljdglsgjwrigslgkjskga.php
----
#MalwareMustDie!! @unixfreaxjp