2015-01-08 - MALWARE HOSTED ON 82.244.160.22

ASSOCIATED FILES:


NOTES:


COMPROMISED WEBSITES NOTED ON THREATGLASS:


EXAMPLES OF THE MALICIOUS IFRAME FROM THE COMPROMISED WEBSITE:


GET REQUESTS AND MALWARE

ASSOCIATED GET REQUESTS FOR .UNDO.IT DOMAINS:


ATTEMPTED MALWARE DOWNLOADS FROM THE THREATGLASS PCAPS:


COPIES OF THE MALWARE I DOWNLOADED:


COPIES OF THE ABOVE MALWARE SUBMITTED TO MALWR.COM:


POST-INFECTION PCAPS:


POST-INFECTION TRAFFIC

POST-INFECTION TRAFFIC GENERATED BY NON-DIGITALLY-SIGNED MALWARE SAMPLE FROM 2015-01-03:


POST-INFECTION TRAFFIC GENERATED BY DIGITALLY-SIGNED MALWARE SAMPLE FROM 2015-01-04:


FINAL NOTES

Once again, here are the associated malware files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
