MalwareMustDie's Pastebin

An archive of MMD pastes until 2014 (inactive, museums) 209,643 1,185,971 0 13 years ago

Name / Title	Added	Expires	Hits	Comments	Syntax
ITW Campaign of Dyre Malware via Explopit CVE-2013-2729 PDF	Oct 15th, 2014	Never	4,302	0	JavaScript	-
PoC of the IptabLeX windows version exists	Oct 15th, 2014	Never	3,572	0	ASM (NASM)	-
Multiple China DDoS-er/backdoor payloads w/long shell cmd	Oct 14th, 2014	Never	6,077	0	JavaScript	-
.IptabLes\|x comeback frade8c.com:9162	Oct 13th, 2014	Never	2,749	0	Bash	-
China Windows DDoSer w/USA CNC 23.91.3.246	Oct 5th, 2014	Never	3,150	0	ASM (NASM)	-
China Crooks White List snagged by MMD	Sep 22nd, 2014	Never	10,814	0	None	-
RFI - Bossa	Sep 15th, 2014	Never	3,687	0	None	-
Redundant Exploit Multi-Arc attack of BossaBot	Sep 8th, 2014	Never	3,483	0	ASM (NASM)	-
Redundant dirs for RFI attack BossaBot #Malwaremustdie!	Sep 8th, 2014	Never	4,329	0	ASM (NASM)	-
Chinese ELF: profild && keymap22 highlights..	Sep 2nd, 2014	Never	3,380	0	ASM (NASM)	-
China Elf Malware & Kernel Exploit Factory	Sep 2nd, 2014	Never	2,986	0	JavaScript	-
Elf Remote DDoS Management Tools from China	Jul 29th, 2014	Never	5,818	3	MIX Assembler	-
TAOBAO China ELF DDoS'er	Jul 28th, 2014	Never	7,133	3	MIX Assembler	-
I'm a mu mu mu? Just a Crap!	Jul 27th, 2014	Never	2,874	0	JavaScript	-
Installation of the Autostart Scripts \| China DDoSer	Jun 16th, 2014	Never	3,325	3	ASM (NASM)	-
Network Interface grabbed \| China DDoSer	Jun 16th, 2014	Never	4,196	0	ASM (NASM)	-
Server sensitive info's grabbed \| China DDoSer	Jun 16th, 2014	Never	3,220	0	ASM (NASM)	-
Updater function \| China DDoS'er	Jun 16th, 2014	Never	3,217	0	ASM (NASM)	-
Zbic Decompression Data \| China DDoSer	Jun 16th, 2014	Never	3,532	0	ASM (NASM)	-
DNS Flood Thread \| China DDoSer	Jun 16th, 2014	Never	3,834	0	ASM (NASM)	-
SYN Flood Thread \| China DDoSer	Jun 16th, 2014	Never	3,652	0	ASM (NASM)	-
Recent Incident of Linux ELF (LD_PRELOAD) libworker.so	Jun 10th, 2014	Never	3,964	0	JavaScript	-
Case #8 - Journey to Abused FTP	Jun 4th, 2014	Never	3,082	0	JavaScript	-
#MMD\| xx(32\|64)'s Symbol table \| Elf analysis	May 12th, 2014	Never	8,071	0	None	-
libworker.so ALIVE sites	May 10th, 2014	Never	4,065	0	None	-
#MalwareMustDie! libworker.so malware library infected sites	May 9th, 2014	Never	5,376	0	None	-
Fake Installer downloads PUP Backdoor	May 2nd, 2014	Never	2,641	0	JavaScript	-
Mapping of PC Spambot April 2014 Upatre/GMO	Apr 25th, 2014	Never	5,151	0	None	-
Kelihos Infection APRIL 18th 2014 / last 16h monitoring	Apr 17th, 2014	Never	3,409	0	None	-
Kelihos Infection APRIL 17th 2014 / 12h	Apr 17th, 2014	Never	4,059	0	None	-
April 14th ~ Recorded #SSH Bruter Attacker Top List	Apr 15th, 2014	Never	5,453	0	None	-
American Express Phishing April 12 2014	Apr 12th, 2014	Never	3,434	0	JavaScript	-
List of recent SSH default user's login attacker's IPs	Apr 10th, 2014	Never	5,122	0	None	-
Four full set of spam campaign gameovers	Apr 5th, 2014	Never	2,988	0	JavaScript	-
UPATRE ZZP of ZGMO campaign via Spam attachment	Mar 26th, 2014	Never	2,857	0	JavaScript	-
Upatre downloading Zeus Gameover (GMO)	Mar 26th, 2014	Never	2,832	0	JavaScript	-
Nuclear bai bai	Mar 22nd, 2014	Never	2,734	0	None	-
Nuclear RU part 3	Mar 22nd, 2014	Never	2,919	0	None	-
Nuclear RU part 2	Mar 22nd, 2014	Never	2,707	0	None	-
Nuclear OVH & DB	Mar 22nd, 2014	Never	2,914	0	None	-
Nuclear RU part 1	Mar 18th, 2014	Never	3,104	0	None	-
GoogleCode RECENT Malware Abuse list (only)..	Mar 16th, 2014	Never	2,773	0	None	-
Trojan bankings served in Google Code	Mar 16th, 2014	Never	3,250	0	None	-
#MalwareMustDie! Recent Upatre downloads encrypted Zbot/GMO	Mar 14th, 2014	Never	3,586	0	JavaScript	-
Taiwan Kelihos infection Log	Mar 12th, 2014	Never	2,941	0	None	-
"Wattering" RAT HAVEX INFECTION VERDICT	Mar 10th, 2014	Never	34,491	0	Java	-
Logger, Backdoor SMTP, Downloader from China	Mar 8th, 2014	Never	2,777	0	JavaScript	-
Citadel PoC	Mar 3rd, 2014	Never	3,077	0	None	-
When Traffer and Infector crooks work together	Mar 2nd, 2014	Never	2,882	0	JavaScript	-
Amazon/Google abuse:	Feb 27th, 2014	Never	3,652	0	PHP	-
Tango Down Check: Nuclear follow up	Feb 27th, 2014	Never	3,113	0	JavaScript	-
Kuluoz Reversing "QUICK" Notes	Feb 14th, 2014	Never	2,800	0	ASM (NASM)	-
Hacked Site with the US IRC Server'S Perl ShellBot	Feb 12th, 2014	Never	4,680	0	Perl	-
#MalwareMustDie - Decoding Kelihos Simda download FakeAV	Feb 10th, 2014	Never	3,800	0	JavaScript	-
Have a "xmlrpc.php" & GooDork for Breakfast	Feb 6th, 2014	Never	3,060	0	XML	-
Phishing AMEX Script (neutralized)	Feb 5th, 2014	Never	7,578	6	JavaScript	-
A wtf suspicious TDS..	Jan 27th, 2014	Never	2,992	0	None	-
Forensics Data - PowerLocker $str(MemDumps)	Jan 17th, 2014	Never	2,631	0	None	-
#Nuclear EK infection domain chains..	Jan 16th, 2014	Never	2,808	0	None	-
#Simda Payload callbacks Traffic (origin: Kelihos Botnet)	Jan 16th, 2014	Never	2,554	0	None	-
#Cridex Trojan Infection IP Source per Jan 17 2014	Jan 16th, 2014	Never	4,441	0	None	-
Trojan/PWS Win32/Cridex RETURNS	Jan 15th, 2014	Never	2,986	4	None	-
FUD Kelihos	Jan 14th, 2014	Never	2,483	0	None	-
Kuluoz - Latest Version \| Binary DUMP Analysis	Jan 14th, 2014	Never	11,202	6	None	-
Shadow Logger Registry Trace in Memory Dump (forensics)	Jan 2nd, 2014	Never	11,391	0	None	-
Shadow Logger Process Record	Jan 2nd, 2014	Never	2,769	0	None	-
Shadow Logger PE Strings	Jan 2nd, 2014	Never	3,658	0	None	-
#MMD Tango Down 311/2,989	Dec 2nd, 2013	Never	2,598	0	None	-
SURBL CryptoLocker	Nov 13th, 2013	Never	3,843	0	None	-
BOTNET KULUOZ/ ASPROX BACK WITH NEW EXCYPTION	Nov 12th, 2013	Never	2,802	0	None	-
Nuclear EK Landing Page in Japan serves Citadel	Nov 8th, 2013	Never	2,447	0	JavaScript	-
FaceBook IM & Web Driven Facebook Trojan with DGA Downloader	Nov 7th, 2013	Never	8,691	0	JavaScript	-
#MalwareMustDie - MORE Zbot Trojans UP and ALIVE	Nov 5th, 2013	Never	2,474	0	None	-
#MalwareMustDie! ZEUS links that needed to nuke down:	Nov 5th, 2013	Never	2,574	0	None	-
#MalwareMustDie - #PoC of HOW Kelihos Infecting via RedKit	Nov 5th, 2013	Never	2,624	0	None	-
#MalwareMustDie! Zombie PCs used by Botnet & Malware	Nov 4th, 2013	Never	2,806	0	None	-
The cracking of 709days used by RunForrestRun DGA	Nov 2nd, 2013	Never	2,933	0	JavaScript	-
DGA (PseudoRandom Domain) RunForrestRun, Decoding 1st Step	Nov 2nd, 2013	Never	2,880	0	JavaScript	-
#MalwareMustDie! Zeus Variant Payloads	Oct 30th, 2013	Never	2,709	0	None	-
#malwareMustDie - The #w00tw00t Attack log	Oct 20th, 2013	Never	5,667	0	Apache Log	-
YAra rule: Citadel	Oct 15th, 2013	Never	2,662	0	None	-
#MalwareMustDie! Peeking at Recent Blackhole via IncomingFAX	Sep 19th, 2013	Never	2,635	0	None	-
KELIHOS MALWARE DETECTION RATIO - BY AV SCANNING AT VT	Aug 31st, 2013	Never	2,615	4	None	-
OP CleanUp Kelihos, CN: Polandia/Polska	Aug 13th, 2013	Never	2,666	0	None	-
OP CleanUp Kelihos, CN: Japan	Aug 13th, 2013	Never	3,103	0	None	-
OP CleanUp Kelihos, CN: Romania	Aug 13th, 2013	Never	2,637	0	None	-
OP CleanUp Kelihos, CN: Russia	Aug 13th, 2013	Never	3,234	0	None	-
OP CleanUp Kelihos, CN: USA	Aug 13th, 2013	Never	3,790	0	None	-
OP CleanUp Kelihos, CN: India	Aug 13th, 2013	Never	2,547	0	None	-
#MalwareMustDie - Kelihos Botnet IP Aug 11, 2013 take 1	Aug 11th, 2013	Never	39,081	0	None	-
#MalwareMustDie - Kelihos Botnet IP AUg 11, 2013	Aug 11th, 2013	Never	2,811	0	None	-
#MalwareMustDie! Kelihos BotNet IP TOTAL Aug 10th 2013	Aug 10th, 2013	Never	7,861	0	None	-
Chekcing Latest Kelihos .COM domains sinkhole status	Aug 10th, 2013	Never	2,512	0	None	-
#MalwareMustDie! Last milking today, sorted unique : 1307ip	Aug 10th, 2013	Never	2,397	0	None	-
Kelihos Hit US IP..	Aug 9th, 2013	Never	2,751	0	None	-
#MalwareMustDie! Kelihos BotNet IP-2 Aug 10th 2013	Aug 9th, 2013	Never	4,160	0	None	-
#MalwareMustDie - Log of Report of ANOTHER 2 Kelihos domains	Aug 9th, 2013	Never	2,347	0	None	-
#MalwareMustDie - Log of Report of 2 more Kelihos domains	Aug 9th, 2013	Never	2,398	0	None	-
#MalwareMustDie! Kelihos BotNet IP Aug 10th 2013	Aug 9th, 2013	Never	8,692	0	None	-
#MalwareMustDie - Log of Report of 8 more Kelihos domains	Aug 9th, 2013	Never	2,566	0	None	-

1 2 3 4 Oldest