#Cridex Trojan Infection IP Source per Jan 17 2014

MalwareMustDie Jan 16th, 2014
# -------------------------------------------
# MalwareMustDie | Cridex Infection Source
# Case: http://pastebin.com/raw.php?i=DQ7G0Vz0
# Please block the below IP addresses:
#    94.76.240.56, 212.7.219.46, 5.135.71.226 (UK, PL and FR)
# to avoid Cridex infection at this moment.
# Domains are all registered via REG.RU (Russian Federation)
# @unixfreaxjp /malware/checkdomains]$ date
Thu Jan 16 23:53:06 JST 2014
# -------------------------------------------

# ---------------------------
# REPORTED CRIDEX CNC DOMAINS
# Since Nov 2013 - Jan 17th 2014
# ---------------------------

$ cat checkru.txt|sort|uniq

beliyvolkalak.ru
buriymishka.ru
deepandtouch.ru
djubkafriend.ru
glebstark.ru
jvrdwnload.ru
kolodavoloda.ru
kuchereneltd.ru
masterupdate.ru
micrupdaserv.ru
montierco.ru
pianiykrolik.ru
portasible.ru
renataltd.ru
securesrvr8.ru
softsysdnl.ru
ssshsecur.ru
toolsdownloads17.ru
updatecheck.co.ua
updote-serv3.ru
uppdate-servs.ru
upper-service.ru

# ----------------------
# Alive IP for CNC checks
# ----------------------

$ bash checkru.sh

DOMAINS          A RECORD           DNS
----------------------------------------------------------
kuchereneltd.ru. 94.76.240.56,      ns1.reg.ru. ns2.reg.ru.
jvrdwnload.ru,   212.7.219.46,      ns1.reg.ru. ns2.reg.ru.
renataltd.ru,    5.135.71.226,      ns1.reg.ru. ns2.reg.ru.

# Geo Location:
# --------------

$ cat ip.txt|bash origin.sh
Thu Jan 16 23:52:08 JST 2014|94.76.240.56|vpsxen7.gbservers.co.uk.|29550 | 94.76.192.0/18 | SIMPLYTRANSIT | GB | EUROCONNEX.NET | SIMPLY TRANSIT LTD
Thu Jan 16 23:52:11 JST 2014|212.7.219.46||198156 | 212.7.216.0/21 | DEDISERV | PL | DEDISERV.EU | DEDISERV DEDICATED SERVERS SP. Z O.O.
Thu Jan 16 23:52:13 JST 2014|5.135.71.226|5-135-71-226.cinfuserver.com.|16276 | 5.135.0.0/16 | OVH | FR | OVH.COM | OVH SYSTEMS

# -----------------------------------
# Internet registration summary check
# Registrar source, dates
# (domains sorted alphabetically)
# -----------------------------------

NS+WHOIS checker script by @unixfreaxjp
Thu Jan 16 23:43:52 JST 2014

>>> beliyvolkalak.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.12.26
free-date:     2015.01.26

>>> buriymishka.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.12.26
free-date:     2015.01.26

>>> deepandtouch.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.12.24
free-date:     2015.01.24

>>> djubkafriend.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.12.24
free-date:     2015.01.24

>>> glebstark.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
free-date:     2015.02.06

>>> jvrdwnload.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.11.25
free-date:     2014.12.26

>>> kolodavoloda.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.10.28
free-date:     2014.11.28

>>> kuchereneltd.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
free-date:     2015.02.06

>>> masterupdate.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.11.13
free-date:     2014.12.14

>>> micrupdaserv.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.12.12
free-date:     2015.01.12

>>> montierco.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.11.13
free-date:     2014.12.14

>>> pianiykrolik.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.11.13
free-date:     2014.12.14

>>> portasible.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
free-date:     2015.02.06

>>> renataltd.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.11.13
free-date:     2014.12.14

>>> securesrvr8.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.11.25
free-date:     2014.12.26

>>> softsysdnl.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.11.25
free-date:     2014.12.26

>>> ssshsecur.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
free-date:     2015.02.06

>>> toolsdownloads17.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.11.25
free-date:     2014.12.26

>>> updatecheck.co.ua|Created On:13-Nov-2013 13:08:33 UTC
Last Updated On:13-Nov-2013 13:08:33 UTC
Expiration Date:13-Nov-2014 13:08:33 UTC
Sponsoring Registrar:Reg RU (reg-ru-mnt-cunic)
Registrant Email:sasadsa@mailinator.com
Admin Email:sasadsa@mailinator.com
Billing Email:sasadsa@mailinator.com
Tech Email:sasadsa@mailinator.com
Name Server:NS2.REG.RU
Name Server:NS1.REG.RU

>>> updote-serv3.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.12.12
free-date:     2015.01.12

>>> uppdate-servs.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.12.12
free-date:     2015.01.12

>>> upper-service.ru|nserver:       ns1.reg.ru.
nserver:       ns2.reg.ru.
registrar:     REGRU-REG-RIPN
created:       2013.12.12
free-date:     2015.01.12
Thu Jan 16 23:44:02 JST 2014

# -------------------------------
# Malware Verdict per IP in VT:
# -------------------------------

https://www.virustotal.com/en/ip-address/94.76.240.56/information/
https://www.virustotal.com/en/ip-address/5.135.71.226/information/
https://www.virustotal.com/en/ip-address/212.7.219.46/information/

---
#malwaremustdie
@unixfreaxjp /malware/checkdomains]$ date
Thu Jan 16 23:53:06 JST 2014