#MalwareMustDie - Loaded+Weaponized BHEK 2012 Dec 22 -1

MalwareMustDie, Dec 21st, 2012
===============================================
#MalwareMustDie! Fri Dec 21 22:25:12 JST 2012
Updated: Sat Dec 22 23:59 JST 2012
Three Russian (.RU) malware-infector EK domains
===============================================

Domains:     afjdoospf.ru, akionokao.ru, apendiksator.ru
Proxies:     nginx/1.0.10 proxies, port 8080
Server:      Apache/2.2.16 (Debian) Server
             PHP/5.3.18-1~dotdeb.0
Exploit Kit: BlackHole EK v.2.x

Active IPs & domains:

afjdoospf.ru     A      210.71.250.131
akionokao.ru     A      210.71.250.131
apendiksator.ru  A      210.71.250.131
bilainkos.ru     A      210.71.250.131

afjdoospf.ru     A      91.224.135.20
akionokao.ru     A      91.224.135.20
apendiksator.ru  A      91.224.135.20
bilainkos.ru     A      91.224.135.20

afjdoospf.ru     A      187.85.160.106
akionokao.ru     A      187.85.160.106
apendiksator.ru  A      187.85.160.106
bilainkos.ru     A      187.85.160.106

// Connection PoC (wget output):

--2012-12-21 22:07:45--  
Resolving akionokao.ru (akionokao.ru)... 210.71.250.131, 91.224.135.20, 187.85.160.106
Caching akionokao.ru => 210.71.250.131 91.224.135.20 187.85.160.106
Connecting to akionokao.ru (akionokao.ru)|210.71.250.131|:8080... connected.

Caching apendiksator.ru => 210.71.250.131 91.224.135.20 187.85.160.106
Connecting to apendiksator.ru (apendiksator.ru)|210.71.250.131|:8080... connected.

Caching afjdoospf.ru => 210.71.250.131 91.224.135.20 187.85.160.106
Connecting to afjdoospf.ru (afjdoospf.ru)|210.71.250.131|:8080... connected.

Resolving bilainkos.ru (bilainkos.ru)... 210.71.250.131, 187.85.160.106, 91.224.135.20
Connecting to bilainkos.ru (bilainkos.ru)|210.71.250.131|:8080... connected.

// DNS servers used (authoritative NS hosting for the domains):
ASN   | Prefix         | ASName | CN | Domain       | ISP of the IP address
------+----------------+--------+----+--------------+----------------------------------------------
57010 | 62.76.184.0/21 | CLODO  | RU | NIC.RU       | ROSNIIROS RUSSIAN INSTITUTE PUBLIC NETWORKS
45629 | 110.164.0.0/17 | JASTEL | TH | 3BB.CO.TH    | 3BB BROADBAND ISP THAILAND
37963 | 42.121.0.0/16  | ALIBAB | CN | ALIYUN.COM   | CNNIC-ALIBABA-CN-NET - ALIYUN COMPUTING
36937 | 41.168.0.0/16  | Neotel | ZA | NEOTELZA.NET | NEOTEL PTY LTD

// Evil NS listed for this infector group (A records of the name servers below):

// WHOIS:
domain:        AKIONOKAO.RU
nserver:       ns1.akionokao.ru. 62.76.186.24
nserver:       ns2.akionokao.ru. 110.164.58.250
nserver:       ns3.akionokao.ru. 42.121.116.38
nserver:       ns4.akionokao.ru. 41.168.5.140
state:         REGISTERED, DELEGATED, UNVERIFIED
person:        Private Person

domain:        AFJDOOSPF.RU
nserver:       ns1.afjdoospf.ru. 62.76.186.24
nserver:       ns2.afjdoospf.ru. 110.164.58.250
nserver:       ns3.afjdoospf.ru. 42.121.116.38
nserver:       ns4.afjdoospf.ru. 41.168.5.140
state:         REGISTERED, DELEGATED, UNVERIFIED
person:        Private Person

domain:        APENDIKSATOR.RU
nserver:       ns1.apendiksator.ru. 62.76.186.24
nserver:       ns2.apendiksator.ru. 110.164.58.250
nserver:       ns3.apendiksator.ru. 42.121.116.38
nserver:       ns4.apendiksator.ru. 41.168.5.140
state:         REGISTERED, NOT DELEGATED, UNVERIFIED
person:        Private Person

domain:        BILAINKOS.RU   <NEW!!
nserver:       ns1.bilainkos.ru. 62.76.186.24
nserver:       ns2.bilainkos.ru. 110.164.58.250
nserver:       ns3.bilainkos.ru. 42.121.116.38
nserver:       ns4.bilainkos.ru. 41.168.5.140
state:         REGISTERED, DELEGATED, UNVERIFIED
person:        Private Person

// Shut these IPs / services down!
// #MalwareMustDie!