Helping Network Analysts Detect Malware
EK Redirect – Silverlight rewrite

Noticed some interesting traffic following the below: hxxp://sunduk.biz/forum/docs/login.php hxxp://qobac.cobor.in/g76df4d/rtp.xap?0.4495108588209197 hxxp://qobac.cobor.in/g76df4d/rtu.swf?0.4495108588209197 hxxp://qobac.cobor.in/g76df4d/rtu.php?0.4495108588209197 hxxp://qobac.cobor.in/pofrj4l/2 > Fiesta Gate When observing the landing there is...

Mon Oct 6, 2014 03:24
FakeAV is still alive…

Like it’s 2010, I guess. This is just a simple FakeAV being delivered from ads on sites like telegraph.co.uk and dailymotion.com. No exploit, just relying on the user to click yes to download and then run it. All activity I have seen appears to be for a few IP addresses and domains utilizing the .nl TLD. 212.83.155.45, 212.83.155.46, and 212.83.155.47(a...

Mon Feb 10, 2014 00:34
Finding Himan EK

@Kafeine has a great overview of HiMan EK. Here are some places it’s been recently. 217.23.1.129 217.23.1.164 37.200.65.95 46.182.27.35 46.182.27.68 46.182.27.114 46.182.27.118 46.182.27.140 46.182.27.162 46.182.27.179 46.182.27.218 46.182.27.234 Examples after the break… 46.182.27.35 7/51 2013-12-01 03:03:02 http://server8-java.com/setup/Setup.exe...

Wed Dec 4, 2013 23:28
Finding Angler EK

Angler EK Exploits HTTP Method = GET Regex URI = ^http:\/\/[^/]+\/0[a-z0-9]{13}$ Angler EK Payloads HTTP Method = GET Regex URI = ^http:\/\/[^/]+\/1[a-z0-9]{13}$ Examples of AnglerEK on Urlquery.net Date / IP Address (11/15) 78.47.235.252 (11/15) 23.229.69.50 (11/15) 64.187.226.237 (11/12) 50.7.187.34 (11/11...

Fri Nov 15, 2013 22:47
TDL Variant (Backdoor.Pihar) Clickfraud Traffic

Use these to help find infected hosts on your network… Clickfraud domains 4dj-and-zorro.com a-dom24.net achernar-ab.net andersongibson.net ankunding.biz arcturus7a.info batznolan.info beierlehner.org bepettones.net betelgeuse-xl.com block27.biz blockcollins.biz brandom-what.org canopus23.com capella15a.com cronawalter.org cummings-west3.net...

Mon Nov 4, 2013 21:35
Flashpack /svoykrik/ Variant

Flashpack is still around. Has been seen recently being delivered with ads. Observed IP Addresses: 198.98.121.245 108.171.205.105 46.254.21.128 50.2.53.150 GATE HTTP Method = GET HTTP URI contains */svoykrik/gate.php?id=*&callback=__JSONP__0 Regex HTTP for id=[0-9]{20,} JAR HTTP Method = GET HTTP URI contains */svoykrik/jete/* User Agent = *Java/1.*...

Wed Oct 23, 2013 03:43
