Bedep campaign

a guest, Mar 25th, 2015
Post-compromise Bedep traffic observed to destination domains bokoretanom()net, op23jhsoaspo()in, koewasoul()com, and dertasolope7com()com.

Observed referers (forged - machines never actually browsed to the referers): loervites()com, newblackfridayads()com, alkalinerooms()net, new-april-discount()net, violatantati()com, nicedicecools()net, books-origins-dooms()net, adsforbussiness-new()com

Observed traffic patterns:
/ads.php?sid=1923
/advertising.html
/ads.js
/media/ads.js
/r.php?key=a5ec17eed153654469be424b96891e79

Summary:
Bedep immediately opens a backdoor on the target machine; it also generates click-fraud traffic, and can be used to load further malware. Bedep was written by the authors of the Angler Exploit Kit, and as such, AnglerEK is the primary distribution method for this malware.

All observed domains are registered to Sara Marsh (saramarsh29@yahoo.com) and Gennadiy Borisov (yingw90@yahoo.com) through Domain Context. These are certainly fake names and email addresses, but appear to be used often. As such, they are reliable indicators, for the time being, that a domain is malicious.

Domains registered to these names and/or email addresses include:

Saramarsh29@yahoo.com:
1.  art-spite-tune.com
2.  axenndnyotxkohhf69.com
3.  bokoretanom.net
4.  dertasolope7com.com
5.  shareeffect-affair.com
6.  loervites.com
7.  newblackfridayads.com
8.  nicedicecools.net
9.  books-origins-dooms.net
10. alkalinerooms.net
11. new-april-discount.net
12. violatantati.com
13. op23jhsoaspo.in
14. adsforbusiness-new.com
15. 1000mahbatterys.com

Yingw90@yahoo.com:
1.  asdoiewpwekjds.net
2.  avzxpjvrndi6g.com
3.  blofezojens.net
4.  care-habit-tree.com
5.  cavnplxhlwjzld.com
6.  deplaoiemdo.com
7.  gqzrdawmmvaalpevd0.com
8.  jdioermutrealo.com
9.  krbewsoiitaciki2s.com
10. monzxetrvneicur5.com
11. nertafopadertam.com
12. noieutrabchpowewa.com
13. panic-man-family.com
14. piragikolos.com
15. pndrdbgijushci.com
16. qhmbdzygdevxk0m.com
17. qvllupuqjknz5.com
18. roppsanaukpovtrwl.com
19. rwermezqpnf4.com
20. thcdcmdeydcisfi.com
21. trusteer-box.com
22. volume-range.com
23. vucjunrhckgaiyae.com
24. vxuiweipowe92j.com
25. xgihfqovzurg8.com
26. koewasoul.com
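The indicators above (C2 destinations, forged referers, URI shapes, and the registrant-linked domain lists) are easiest to use as a proxy-log scan. The script below is an added example, not part of the original paste: it loads the paste's indicators, normalises the "()" defanging, and scores each request. The log line format (timestamp, client, method, URL, referer) and the sample lines are constructed, and the score weights and verdict thresholds are assumptions, not something the paste states.

```python
import re
from urllib.parse import urlparse


def refang(domain):
    """Turn the paste's defanged 'example()com' form back into a hostname."""
    return domain.replace("()", ".").lower()


# Post-compromise destination domains listed in the paste
C2_DOMAINS = {refang(d) for d in (
    "bokoretanom()net", "op23jhsoaspo()in", "koewasoul()com", "dertasolope7com()com")}

# Forged Referer values listed in the paste (victims never browsed to these).
# Note the paste spells the last one "adsforbussiness" here but
# "adsforbusiness" in the registrant list; both spellings are kept as given.
FORGED_REFERERS = {refang(d) for d in (
    "loervites()com", "newblackfridayads()com", "alkalinerooms()net",
    "new-april-discount()net", "violatantati()com", "nicedicecools()net",
    "books-origins-dooms()net", "adsforbussiness-new()com")}

# Domains registered to the two registrant e-mails named in the paste
REGISTRANT_LINKED = {
    # saramarsh29@yahoo.com
    "art-spite-tune.com", "axenndnyotxkohhf69.com", "bokoretanom.net",
    "dertasolope7com.com", "shareeffect-affair.com", "loervites.com",
    "newblackfridayads.com", "nicedicecools.net", "books-origins-dooms.net",
    "alkalinerooms.net", "new-april-discount.net", "violatantati.com",
    "op23jhsoaspo.in", "adsforbusiness-new.com", "1000mahbatterys.com",
    # yingw90@yahoo.com
    "asdoiewpwekjds.net", "avzxpjvrndi6g.com", "blofezojens.net",
    "care-habit-tree.com", "cavnplxhlwjzld.com", "deplaoiemdo.com",
    "gqzrdawmmvaalpevd0.com", "jdioermutrealo.com", "krbewsoiitaciki2s.com",
    "monzxetrvneicur5.com", "nertafopadertam.com", "noieutrabchpowewa.com",
    "panic-man-family.com", "piragikolos.com", "pndrdbgijushci.com",
    "qhmbdzygdevxk0m.com", "qvllupuqjknz5.com", "roppsanaukpovtrwl.com",
    "rwermezqpnf4.com", "thcdcmdeydcisfi.com", "trusteer-box.com",
    "volume-range.com", "vucjunrhckgaiyae.com", "vxuiweipowe92j.com",
    "xgihfqovzurg8.com", "koewasoul.com",
}

# URI shapes from the paste; the sid and key values are treated as variable
URI_PATTERNS = [
    re.compile(r"^/ads\.php\?sid=\d+$"),
    re.compile(r"^/advertising\.html$"),
    re.compile(r"^(?:/media)?/ads\.js$"),
    re.compile(r"^/r\.php\?key=[0-9a-f]{32}$"),
]

# Score weights and thresholds are an assumption for this example
WEIGHTS = {"c2_domain": 3, "registrant_linked_domain": 2,
           "forged_referer": 2, "uri_pattern": 1}


def classify(url, referer=None):
    """Return (verdict, reasons) for one request; verdict is None if clean."""
    reasons = []
    host = (urlparse(url).hostname or "").lower()
    ref_host = (urlparse(referer).hostname or "").lower() if referer else ""
    if host in C2_DOMAINS:
        reasons.append("c2_domain")
    elif host in REGISTRANT_LINKED:
        reasons.append("registrant_linked_domain")
    if ref_host in FORGED_REFERERS:
        reasons.append("forged_referer")
    p = urlparse(url)
    path_q = p.path + ("?" + p.query if p.query else "")
    if any(rx.match(path_q) for rx in URI_PATTERNS):
        reasons.append("uri_pattern")
    score = sum(WEIGHTS[r] for r in reasons)
    verdict = "high" if score >= 4 else "medium" if score >= 2 else "low" if score else None
    return verdict, reasons


# Constructed log format: "<ts> <client> <method> <url> <referer-or-dash>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<referer>\S+)$")


def scan_log(lines):
    """Run classify() over log lines; return only the lines that scored."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        referer = None if m["referer"] == "-" else m["referer"]
        verdict, reasons = classify(m["url"], referer)
        if verdict:
            hits.append({"client": m["client"], "url": m["url"],
                         "verdict": verdict, "reasons": reasons})
    return hits


# Constructed sample lines (not real captured traffic)
SAMPLE_LOG = [
    "2015-03-25T10:00:01Z 10.0.0.5 GET http://bokoretanom.net/ads.php?sid=1923 http://loervites.com/",
    "2015-03-25T10:00:02Z 10.0.0.5 GET http://koewasoul.com/r.php?key=a5ec17eed153654469be424b96891e79 -",
    "2015-03-25T10:00:03Z 10.0.0.7 GET http://example.org/media/ads.js http://example.org/",
    "2015-03-25T10:00:04Z 10.0.0.9 GET http://cdn.example.net/index.html -",
    "2015-03-25T10:00:05Z 10.0.0.8 GET http://trusteer-box.com/advertising.html -",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["verdict"], hit["client"], hit["url"], ",".join(hit["reasons"]))
```

The URI patterns alone are generic enough (/ads.js, /advertising.html) that a match on its own only rates "low"; they are useful mainly to corroborate a hit on one of the destination or referer domains, which is why the example scores them separately rather than alerting on the path by itself.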