MalwareMustDie's Pastebin

An archive of MMD pastes until 2014 (inactive, museums) 207,327 1,117,871 0 13 years ago

Name / Title	Added	Expires	Hits	Syntax
ITW Campaign of Dyre Malware via Explopit CVE-2013-2729 PDF	Oct 15th, 2014	Never	4,087	JavaScript	-
PoC of the IptabLeX windows version exists	Oct 15th, 2014	Never	3,365	ASM (NASM)	-
Multiple China DDoS-er/backdoor payloads w/long shell cmd	Oct 14th, 2014	Never	5,850	JavaScript	-
.IptabLes\|x comeback frade8c.com:9162	Oct 13th, 2014	Never	2,527	Bash	-
China Windows DDoSer w/USA CNC 23.91.3.246	Oct 5th, 2014	Never	2,935	ASM (NASM)	-
China Crooks White List snagged by MMD	Sep 22nd, 2014	Never	10,615	None	-
RFI - Bossa	Sep 15th, 2014	Never	3,461	None	-
Redundant Exploit Multi-Arc attack of BossaBot	Sep 8th, 2014	Never	3,254	ASM (NASM)	-
Redundant dirs for RFI attack BossaBot #Malwaremustdie!	Sep 8th, 2014	Never	4,104	ASM (NASM)	-
Chinese ELF: profild && keymap22 highlights..	Sep 2nd, 2014	Never	3,146	ASM (NASM)	-
China Elf Malware & Kernel Exploit Factory	Sep 2nd, 2014	Never	2,776	JavaScript	-
Elf Remote DDoS Management Tools from China	Jul 29th, 2014	Never	3,356	MIX Assembler	-
TAOBAO China ELF DDoS'er	Jul 28th, 2014	Never	4,456	MIX Assembler	-
I'm a mu mu mu? Just a Crap!	Jul 27th, 2014	Never	2,660	JavaScript	-
Installation of the Autostart Scripts \| China DDoSer	Jun 16th, 2014	Never	3,063	ASM (NASM)	-
Network Interface grabbed \| China DDoSer	Jun 16th, 2014	Never	3,991	ASM (NASM)	-
Server sensitive info's grabbed \| China DDoSer	Jun 16th, 2014	Never	2,993	ASM (NASM)	-
Updater function \| China DDoS'er	Jun 16th, 2014	Never	3,005	ASM (NASM)	-
Zbic Decompression Data \| China DDoSer	Jun 16th, 2014	Never	3,328	ASM (NASM)	-
DNS Flood Thread \| China DDoSer	Jun 16th, 2014	Never	3,601	ASM (NASM)	-
SYN Flood Thread \| China DDoSer	Jun 16th, 2014	Never	3,417	ASM (NASM)	-
Recent Incident of Linux ELF (LD_PRELOAD) libworker.so	Jun 10th, 2014	Never	3,680	JavaScript	-
Case #8 - Journey to Abused FTP	Jun 4th, 2014	Never	2,856	JavaScript	-
#MMD\| xx(32\|64)'s Symbol table \| Elf analysis	May 12th, 2014	Never	7,840	None	-
libworker.so ALIVE sites	May 10th, 2014	Never	3,840	None	-
#MalwareMustDie! libworker.so malware library infected sites	May 9th, 2014	Never	5,157	None	-
Fake Installer downloads PUP Backdoor	May 2nd, 2014	Never	2,427	JavaScript	-
Mapping of PC Spambot April 2014 Upatre/GMO	Apr 25th, 2014	Never	4,947	None	-
Kelihos Infection APRIL 18th 2014 / last 16h monitoring	Apr 17th, 2014	Never	3,196	None	-
Kelihos Infection APRIL 17th 2014 / 12h	Apr 17th, 2014	Never	3,848	None	-
April 14th ~ Recorded #SSH Bruter Attacker Top List	Apr 15th, 2014	Never	5,230	None	-
American Express Phishing April 12 2014	Apr 12th, 2014	Never	3,231	JavaScript	-
List of recent SSH default user's login attacker's IPs	Apr 10th, 2014	Never	4,897	None	-
Four full set of spam campaign gameovers	Apr 5th, 2014	Never	2,794	JavaScript	-
UPATRE ZZP of ZGMO campaign via Spam attachment	Mar 26th, 2014	Never	2,649	JavaScript	-
Upatre downloading Zeus Gameover (GMO)	Mar 26th, 2014	Never	2,634	JavaScript	-
Nuclear bai bai	Mar 22nd, 2014	Never	2,526	None	-
Nuclear RU part 3	Mar 22nd, 2014	Never	2,722	None	-
Nuclear RU part 2	Mar 22nd, 2014	Never	2,511	None	-
Nuclear OVH & DB	Mar 22nd, 2014	Never	2,713	None	-
Nuclear RU part 1	Mar 18th, 2014	Never	2,897	None	-
GoogleCode RECENT Malware Abuse list (only)..	Mar 16th, 2014	Never	2,587	None	-
Trojan bankings served in Google Code	Mar 16th, 2014	Never	3,045	None	-
#MalwareMustDie! Recent Upatre downloads encrypted Zbot/GMO	Mar 14th, 2014	Never	3,376	JavaScript	-
Taiwan Kelihos infection Log	Mar 12th, 2014	Never	2,730	None	-
"Wattering" RAT HAVEX INFECTION VERDICT	Mar 10th, 2014	Never	34,252	Java	-
Logger, Backdoor SMTP, Downloader from China	Mar 8th, 2014	Never	2,583	JavaScript	-
Citadel PoC	Mar 3rd, 2014	Never	2,869	None	-
When Traffer and Infector crooks work together	Mar 2nd, 2014	Never	2,674	JavaScript	-
Amazon/Google abuse:	Feb 27th, 2014	Never	3,420	PHP	-
Tango Down Check: Nuclear follow up	Feb 27th, 2014	Never	2,919	JavaScript	-
Kuluoz Reversing "QUICK" Notes	Feb 14th, 2014	Never	2,603	ASM (NASM)	-
Hacked Site with the US IRC Server'S Perl ShellBot	Feb 12th, 2014	Never	4,458	Perl	-
#MalwareMustDie - Decoding Kelihos Simda download FakeAV	Feb 10th, 2014	Never	3,604	JavaScript	-
Have a "xmlrpc.php" & GooDork for Breakfast	Feb 6th, 2014	Never	2,848	XML	-
Phishing AMEX Script (neutralized)	Feb 5th, 2014	Never	7,115	JavaScript	-
A wtf suspicious TDS..	Jan 27th, 2014	Never	2,803	None	-
Forensics Data - PowerLocker $str(MemDumps)	Jan 17th, 2014	Never	2,438	None	-
#Nuclear EK infection domain chains..	Jan 16th, 2014	Never	2,625	None	-
#Simda Payload callbacks Traffic (origin: Kelihos Botnet)	Jan 16th, 2014	Never	2,335	None	-
#Cridex Trojan Infection IP Source per Jan 17 2014	Jan 16th, 2014	Never	4,224	None	-
Trojan/PWS Win32/Cridex RETURNS	Jan 15th, 2014	Never	2,764	None	-
FUD Kelihos	Jan 14th, 2014	Never	2,278	None	-
Kuluoz - Latest Version \| Binary DUMP Analysis	Jan 14th, 2014	Never	10,248	None	-
Shadow Logger Registry Trace in Memory Dump (forensics)	Jan 2nd, 2014	Never	10,898	None	-
Shadow Logger Process Record	Jan 2nd, 2014	Never	2,563	None	-
Shadow Logger PE Strings	Jan 2nd, 2014	Never	3,420	None	-
#MMD Tango Down 311/2,989	Dec 2nd, 2013	Never	2,400	None	-
SURBL CryptoLocker	Nov 13th, 2013	Never	3,638	None	-
BOTNET KULUOZ/ ASPROX BACK WITH NEW EXCYPTION	Nov 12th, 2013	Never	2,601	None	-
Nuclear EK Landing Page in Japan serves Citadel	Nov 8th, 2013	Never	2,251	JavaScript	-
FaceBook IM & Web Driven Facebook Trojan with DGA Downloader	Nov 7th, 2013	Never	8,466	JavaScript	-
#MalwareMustDie - MORE Zbot Trojans UP and ALIVE	Nov 5th, 2013	Never	2,279	None	-
#MalwareMustDie! ZEUS links that needed to nuke down:	Nov 5th, 2013	Never	2,387	None	-
#MalwareMustDie - #PoC of HOW Kelihos Infecting via RedKit	Nov 5th, 2013	Never	2,407	None	-
#MalwareMustDie! Zombie PCs used by Botnet & Malware	Nov 4th, 2013	Never	2,607	None	-
The cracking of 709days used by RunForrestRun DGA	Nov 2nd, 2013	Never	2,714	JavaScript	-
DGA (PseudoRandom Domain) RunForrestRun, Decoding 1st Step	Nov 2nd, 2013	Never	2,660	JavaScript	-
#MalwareMustDie! Zeus Variant Payloads	Oct 30th, 2013	Never	2,505	None	-
#malwareMustDie - The #w00tw00t Attack log	Oct 20th, 2013	Never	3,031	Apache Log	-
YAra rule: Citadel	Oct 15th, 2013	Never	2,456	None	-
#MalwareMustDie! Peeking at Recent Blackhole via IncomingFAX	Sep 19th, 2013	Never	2,440	None	-
KELIHOS MALWARE DETECTION RATIO - BY AV SCANNING AT VT	Aug 31st, 2013	Never	2,387	None	-
OP CleanUp Kelihos, CN: Polandia/Polska	Aug 13th, 2013	Never	2,465	None	-
OP CleanUp Kelihos, CN: Japan	Aug 13th, 2013	Never	2,916	None	-
OP CleanUp Kelihos, CN: Romania	Aug 13th, 2013	Never	2,425	None	-
OP CleanUp Kelihos, CN: Russia	Aug 13th, 2013	Never	3,043	None	-
OP CleanUp Kelihos, CN: USA	Aug 13th, 2013	Never	3,582	None	-
OP CleanUp Kelihos, CN: India	Aug 13th, 2013	Never	2,346	None	-
#MalwareMustDie - Kelihos Botnet IP Aug 11, 2013 take 1	Aug 11th, 2013	Never	38,870	None	-
#MalwareMustDie - Kelihos Botnet IP AUg 11, 2013	Aug 11th, 2013	Never	2,617	None	-
#MalwareMustDie! Kelihos BotNet IP TOTAL Aug 10th 2013	Aug 10th, 2013	Never	7,642	None	-
Chekcing Latest Kelihos .COM domains sinkhole status	Aug 10th, 2013	Never	2,309	None	-
#MalwareMustDie! Last milking today, sorted unique : 1307ip	Aug 10th, 2013	Never	2,197	None	-
Kelihos Hit US IP..	Aug 9th, 2013	Never	2,550	None	-
#MalwareMustDie! Kelihos BotNet IP-2 Aug 10th 2013	Aug 9th, 2013	Never	3,963	None	-
#MalwareMustDie - Log of Report of ANOTHER 2 Kelihos domains	Aug 9th, 2013	Never	2,138	None	-
#MalwareMustDie - Log of Report of 2 more Kelihos domains	Aug 9th, 2013	Never	2,205	None	-
#MalwareMustDie! Kelihos BotNet IP Aug 10th 2013	Aug 9th, 2013	Never	8,484	None	-
#MalwareMustDie - Log of Report of 8 more Kelihos domains	Aug 9th, 2013	Never	2,341	None	-

1 2 3 4 Oldest