Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- =======================================
- #MalwareMustDie | Fri Nov 16 20:57:41 JST 2012
- Week 11th since the first Crusade
- Hint #1 - TDS Sutra leads
- =======================================
- The angel hinted the clue on:
- accountpro001.ru/flow08.php
- accountpro002.ru/flow08.php
- accountpro003.ru/flow08.php
- accountpro004.ru/flow08.php
- accountpro005.ru/flow08.php
- accountpro006.ru/flow08.php
- accountpro007.ru/flow08.php
- accountpro007.ru/flow4.php
- accountpro008.ru/flow08.php
- azbuka001.pro/flow08.php
- azbuka002.pro/flow08.php
- azbuka003.pro/flow08.php
- azbuka004.pro/flow08.php
- azbuka005.pro/flow08.php
- azbuka006.pro/flow08.php
- azbuka007.pro/flow08.php
- azbuka008.pro/flow08.php
- promoution170.ru/flow08.php
- promoution208.ru/flow08.php
- promoution209.ru/flow08.php
- promoution210.ru/flow08.php
- promoution212.ru/flow08.php
- promoution213.ru/flow08.php
- promoution214.ru/flow08.php
- promoution215.ru/flow08.php
- promoution216.ru/flow08.php
- promoution219.ru/flow08.php
- www.accountpro003.ru/flow08.php
- www.accountpro004.ru/flow08.php
- www.accountpro007.ru/flow08.php
- ----example------
- One url i.e.:
- h00p://azbuka001.pro/flow5.php
- will open 7 iframers... to:
- IFRAME: h00p://azbuka001.pro/flow1.php
- IFRAME: h00p://azbuka001.pro/flow2.php
- IFRAME: h00p://azbuka001.pro/flow3.php
- IFRAME: h00p://azbuka001.pro/flow4.php
- IFRAME: h00p://azbuka001.pro/flow5.php
- IFRAME: h00p://azbuka001.pro/flow6.php
- IFRAME: h00p://azbuka001.pro/flow7.php
- They leads to: IFRAME: h00p://reservedir001.ru/tds/in.cgi?default <=== evil enough for the further investigation
- quest targets = latest threat uptime status, payload, EK name, CnC.
- ----
- #MalwareMustDie
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement