ADWIND — A CROSS-PLATFORM RAT
Common Information
| Type | Value |
|---|---|
| UUID | 7d5cbbd6-9f4d-438b-b840-458b7e3814c2 |
| Fingerprint | 28614afb7b0a8c44b74cfa474358352c53bcaffaa54ab4e1a7934f1dce789c29 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 8, 2016, 3:45 p.m. |
| Added to db | March 10, 2024, 1:58 a.m. |
| Last updated | Aug. 31, 2024, 3:50 a.m. |
| Headline | ADWIND — A CROSS-PLATFORM RAT |
| Title | ADWIND — A CROSS-PLATFORM RAT |
| Detected Hints/Tags/Attributes | 207/3/859 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 176 | cve-2012-0158 |
|
| Details | Domain | 338 | kaspersky.com |
|
| Details | Domain | 3 | jsocket.org |
|
| Details | Domain | 2 | indetectables.net |
|
| Details | Domain | 3 | adwind.com.mx |
|
| Details | Domain | 179 | hotmail.com |
|
| Details | Domain | 1 | boredliner.wordpress.com |
|
| Details | Domain | 3 | alienspy.net |
|
| Details | Domain | 1 | wadesaba.com |
|
| Details | Domain | 1 | alst.ru |
|
| Details | Domain | 1 | external.company1.com |
|
| Details | Domain | 1 | internal.company1.com |
|
| Details | Domain | 1 | server31.hosting.reg.ru |
|
| Details | Domain | 1 | company1.com |
|
| Details | Domain | 1 | company2.com |
|
| Details | Domain | 51 | reg.ru |
|
| Details | Domain | 1 | mail.alst.ru |
|
| Details | Domain | 1 | igbankwuruns.no-ip.info |
|
| Details | Domain | 1 | assylias.inc |
|
| Details | Domain | 36 | malwr.com |
|
| Details | Domain | 1 | broadband.ddns.net |
|
| Details | Domain | 1 | dellboy12.ditchyourip.com |
|
| Details | Domain | 1 | emenike.no-ip.info |
|
| Details | Domain | 1 | egombute.duckdns.org |
|
| Details | Domain | 1 | bnm.gov.my |
|
| Details | Domain | 1 | hosting.goodluckdomain.com |
|
| Details | Domain | 1 | ajmanbank.ae |
|
| Details | Domain | 1 | webmail.subamuhurtham.in |
|
| Details | Domain | 1 | subamuhurtham.in |
|
| Details | Domain | 1 | tradefinance.helsinki |
|
| Details | Domain | 1 | nordea.com |
|
| Details | Domain | 1 | ccd1xm1106.ccd1.root4.net |
|
| Details | Domain | 1 | ccd1ms1130.ccd1.root4.net |
|
| Details | Domain | 1 | previewproperty.co.uk |
|
| Details | Domain | 1 | emenike.no |
|
| Details | Domain | 1 | serv.hfsoft.xyz |
|
| Details | Domain | 1 | www.prachiths.com |
|
| Details | Domain | 177 | blog.trendmicro.com |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 79 | www.f-secure.com |
|
| Details | Domain | 3 | telussecuritylabs.com |
|
| Details | Domain | 2 | blog.crowdstrike.com |
|
| Details | Domain | 10 | www.fidelissecurity.com |
|
| Details | Domain | 425 | isc.sans.edu |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | alienspy-decrypt-v2.py |
|
| Details | Domain | 47 | www.malware-traffic-analysis.net |
|
| Details | Domain | 3 | contagiodump.blogspot.ca |
|
| Details | Domain | 19 | motherboard.vice.com |
|
| Details | Domain | 1 | blog.idiom.ca |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 2 | www.indetectables.net |
|
| Details | Domain | 1 | rolltrain.noip.us |
|
| Details | Domain | 1 | achuprn.ddns.net |
|
| Details | Domain | 1 | backconnect123.ddns.net |
|
| Details | Domain | 1 | basketmain1.duckdns.org |
|
| Details | Domain | 1 | brownvictor.ddns.net |
|
| Details | Domain | 1 | ceo.gotdns.ch |
|
| Details | Domain | 1 | chiefonodugo.ddns.net |
|
| Details | Domain | 1 | egbowantedjs.fishdns.com |
|
| Details | Domain | 1 | henrry747.serveminecraft.net |
|
| Details | Domain | 1 | jcures.serveftp.com |
|
| Details | Domain | 1 | justice.linkpc.net |
|
| Details | Domain | 1 | justmealone.ddns.net |
|
| Details | Domain | 1 | justyjohnxplodes.ddns.net |
|
| Details | Domain | 1 | loandept227.ddns.net |
|
| Details | Domain | 1 | manbks123.ddns.net |
|
| Details | Domain | 1 | michael22244.ddns.net |
|
| Details | Domain | 1 | money12.from-ok.com |
|
| Details | Domain | 1 | onlything4now.ddns.net |
|
| Details | Domain | 1 | onyechina.ddns.net |
|
| Details | Domain | 1 | opendoors.myftp.org |
|
| Details | Domain | 1 | pompin02.serveftp.com |
|
| Details | Domain | 1 | upperway60.no-ip.org |
|
| Details | Domain | 1 | zubi009.serveftp.com |
|
| Details | Domain | 1 | 11111111.noip.me |
|
| Details | Domain | 1 | 24rinces.no-ip.biz |
|
| Details | Domain | 1 | abdav21.ddns.net |
|
| Details | Domain | 1 | abudon1990.no-ip.org |
|
| Details | Domain | 1 | abudon22.no-ip.info |
|
| Details | Domain | 1 | abusite11.ddns.net |
|
| Details | Domain | 1 | abyugos0.no-ip.info |
|
| Details | Domain | 1 | abyugos.no-ip.info |
|
| Details | Domain | 1 | admin50.no-ip.org |
|
| Details | Domain | 1 | admin8090.no-ip.org |
|
| Details | Domain | 1 | admin90.no-ip.info |
|
| Details | Domain | 1 | adolfo196938.ddns.net |
|
| Details | Domain | 1 | agary917.ddns.net |
|
| Details | Domain | 1 | aisulu.ddns.net |
|
| Details | Domain | 1 | ajeolokun.ddns.net |
|
| Details | Domain | 1 | akwotie.ddns.net |
|
| Details | Domain | 1 | albertfrankie.no-ip.org |
|
| Details | Domain | 1 | alicejav777.ddns.net |
|
| Details | Domain | 1 | alicejav777.duckdns.org |
|
| Details | Domain | 1 | alien10socket.ddns.net |
|
| Details | Domain | 1 | alien12socket.ddns.net |
|
| Details | Domain | 1 | alien15socket.ddns.net |
|
| Details | Domain | 1 | alien17socket.ddns.net |
|
| Details | Domain | 1 | alien19socket.ddns.net |
|
| Details | Domain | 1 | alien1socket.ddnsking.com |
|
| Details | Domain | 1 | alien4socket.gotdns.ch |
|
| Details | Domain | 1 | alien6socket.ddns.net |
|
| Details | Domain | 1 | alien9socket.ddns.net |
|
| Details | Domain | 1 | alwadwte.ddns.net |
|
| Details | Domain | 1 | anglekeys.ddns.net |
|
| Details | Domain | 1 | anthonywilkinson10.ddns.net |
|
| Details | Domain | 1 | aptsite.ddns.net |
|
| Details | Domain | 3 | audreysaradin.no-ip.org |
|
| Details | Domain | 1 | avprojets.no-ip.biz |
|
| Details | Domain | 1 | ayomide123.ddns.net |
|
| Details | Domain | 1 | ayomide1.ddns.net |
|
| Details | Domain | 1 | badmanthing.ddns.net |
|
| Details | Domain | 1 | banban66.ddns.net |
|
| Details | Domain | 1 | baronbreeze.ddns.net |
|
| Details | Domain | 1 | barratty.ddns.net |
|
| Details | Domain | 1 | basketxrtz.ddns.net |
|
| Details | Domain | 1 | ben770.ddns.net |
|
| Details | Domain | 1 | benabangwu.linkpc.net |
|
| Details | Domain | 1 | biafra147.ddns.net |
|
| Details | Domain | 1 | biggestchurch.ddns.net |
|
| Details | Domain | 1 | biggiechurch.ddns.net |
|
| Details | Domain | 2 | biggymoney01.no-ip.biz |
|
| Details | Domain | 2 | biggymoney03.no-ip.biz |
|
| Details | Domain | 2 | biggymoney2.no-ip.biz |
|
| Details | Domain | 1 | blessingonblessings.dnsfor.me |
|
| Details | Domain | 1 | blessingonblessings.ufcfan.org |
|
| Details | Domain | 1 | bms123.twilightparadox.com |
|
| Details | Domain | 1 | bongotedllc.no-ip.org |
|
| Details | Domain | 1 | bsmarket.ddns.net |
|
| Details | Domain | 1 | budapest89.hopto.me |
|
| Details | Domain | 1 | budapest.ddns.net |
|
| Details | Domain | 1 | bugattiboss.servehttp.com |
|
| Details | Domain | 1 | bullgard.ddns.net |
|
| Details | Domain | 1 | calito888.ddns.net |
|
| Details | Domain | 1 | carlos1388.ddns.net |
|
| Details | Domain | 1 | ceoceocompany.gotdns.ch |
|
| Details | Domain | 1 | chadin.serveftp.com |
|
| Details | Domain | 1 | chewc47.ddns.net |
|
| Details | Domain | 1 | chima147.linkpc.net |
|
| Details | Domain | 1 | chklagos.no-ip.biz |
|
| Details | Domain | 1 | chris101.ddns.net |
|
| Details | Domain | 1 | chriswoolmer00.no-ip.info |
|
| Details | Domain | 1 | chriswork99.ddns.net |
|
| Details | Domain | 1 | cjfitness.ddns.net |
|
| Details | Domain | 1 | clemens.dynns.com |
|
| Details | Domain | 1 | coralgroups.no-ip.biz |
|
| Details | Domain | 1 | correctip.noip.me |
|
| Details | Domain | 1 | crest01.serveftp.com |
|
| Details | Domain | 1 | crest02.serveftp.com |
|
| Details | Domain | 1 | crested01.serveftp.com |
|
| Details | Domain | 1 | damuk1.ddns.net |
|
| Details | Domain | 1 | dave1033.ddns.net |
|
| Details | Domain | 1 | dellboy11.ditchyourip.com |
|
| Details | Domain | 1 | dellboy13.dnsiskinky.com |
|
| Details | Domain | 1 | dellboy15.couchpotatofries.org |
|
| Details | Domain | 1 | dellboy16.eating-organic.net |
|
| Details | Domain | 1 | dellboy17.quicksytes.com |
|
| Details | Domain | 1 | dellboy18.securitytactics.com |
|
| Details | Domain | 1 | deprueba1.no-ip.org |
|
| Details | Domain | 1 | destinynnam.ddns.net |
|
| Details | Domain | 1 | dish-darkcomet2.linkpc.net |
|
| Details | Domain | 1 | divinee.no-ip.biz |
|
| Details | Domain | 1 | divinemove.ddns.net |
|
| Details | Domain | 1 | doingtracks.ddns.net |
|
| Details | Domain | 1 | donhamza.no-ip.org |
|
| Details | Domain | 1 | donorder.ddns.net |
|
| Details | Domain | 1 | dsfgc.ddns.net |
|
| Details | Domain | 1 | dydx69.ddns.net |
|
| Details | Domain | 1 | dydx96.ddns.net |
|
| Details | Domain | 1 | egbowanted2js.ddns.net |
|
| Details | Domain | 1 | egbowantedjs.ddns.net |
|
| Details | Domain | 1 | egede.no-ip.biz |
|
| Details | Domain | 1 | egombute.no-ip.biz |
|
| Details | Domain | 1 | emekau2002.ddns.net |
|
| Details | Domain | 1 | escobar.serveftp.com |
|
| Details | Domain | 1 | evanovik.ddns.net |
|
| Details | Domain | 1 | ewillsin.ddns.net |
|
| Details | Domain | 1 | father60.bounceme.net |
|
| Details | Domain | 1 | felbankgmailjs.no-ip.info |
|
| Details | Domain | 1 | felixres015js.zapto.org |
|
| Details | Domain | 1 | felixresult.no-ip.org |
|
| Details | Domain | 1 | filezilla.no-ip.biz |
|
| Details | Domain | 1 | fingers.noip.me |
|
| Details | Domain | 1 | flexyou.chickenkiller.com |
|
| Details | Domain | 1 | floffman11.no-ip.org |
|
| Details | Domain | 1 | floffman.linkpc.net |
|
| Details | Domain | 1 | focusloa.ddns.net |
|
| Details | Domain | 1 | francemaes15.duckdns.org |
|
| Details | Domain | 1 | franklin49.ddns.net |
|
| Details | Domain | 1 | frankwoodsales.ddns.net |
|
| Details | Domain | 1 | froidthefucker.ddns.net |
|
| Details | Domain | 1 | fulga01.ddns.net |
|
| Details | Domain | 1 | gabito234.serveftp.com |
|
| Details | Domain | 1 | galaxymoni.ddns.net |
|
| Details | Domain | 1 | geogelewis90.ddns.net |
|
| Details | Domain | 1 | georgea.serveftp.com |
|
| Details | Domain | 1 | gist.no-ip.info |
|
| Details | Domain | 1 | gmoneydns.duckdns.org |
|
| Details | Domain | 2 | godwin231.zapto.org |
|
| Details | Domain | 1 | godwin4real.ddns.net |
|
| Details | Domain | 1 | goodloves.ddns.net |
|
| Details | Domain | 1 | goods11.ddns.net |
|
| Details | Domain | 1 | goooodymegma.no-ip.org |
|
| Details | Domain | 1 | gta2.ddns.net |
|
| Details | Domain | 1 | harry150.ddns.net |
|
| Details | Domain | 1 | harryaleandro.ddns.net |
|
| Details | Domain | 1 | hdllsy11.no-ip.org |
|
| Details | Domain | 1 | hedie1979.no-ip.org |
|
| Details | Domain | 1 | henrygalaxy.publicvm.com |
|
| Details | Domain | 1 | herura.ddns.net |
|
| Details | Domain | 1 | hisandu.ddns.net |
|
| Details | Domain | 1 | holymoney.crabdance.com |
|
| Details | Domain | 1 | hustler.no-ip.org |
|
| Details | Domain | 1 | hydrabad-ur.ddns.net |
|
| Details | Domain | 1 | ifeanyi147.ddns.net |
|
| Details | Domain | 1 | ike-jsocket.publicvm.com |
|
| Details | Domain | 1 | importantloggmal.no-ip.biz |
|
| Details | Domain | 1 | importloggm.duckdns.org |
|
| Details | Domain | 1 | indologisticsltd.no-ip.biz |
|
| Details | Domain | 1 | integralhcs.no-ip.biz |
|
| Details | Domain | 1 | intergralhcs.no-ip.biz |
|
| Details | Domain | 1 | iykeben00.no-ip.info |
|
| Details | Domain | 1 | jacobjsockresyah.no-ip.info |
|
| Details | Domain | 1 | jacobremittance.duckdns.org |
|
| Details | Domain | 1 | jadoltd.ddns.net |
|
| Details | Domain | 1 | jagas21.ddns.net |
|
| Details | Domain | 1 | jamescage112.no-ip.biz |
|
| Details | Domain | 1 | javgretest015.chickenkiller.com |
|
| Details | Domain | 1 | jayson2j.no-ip.org |
|
| Details | Domain | 1 | jegs.ddns.net |
|
| Details | Domain | 1 | jesus11.ddns.net |
|
| Details | Domain | 1 | jgabi.serveftp.com |
|
| Details | Domain | 1 | jidespa0024yahjs.no-ip.org |
|
| Details | Domain | 1 | jiokekachi.ddns.net |
|
| Details | Domain | 1 | jjsmits7.serveftp.com |
|
| Details | Domain | 1 | joeban.chickenkiller.com |
|
| Details | Domain | 1 | jonnybary.no-ip.biz |
|
| Details | Domain | 1 | jonnybary.no.ip.biz |
|
| Details | Domain | 1 | jry123.ddns.net |
|
| Details | Domain | 1 | jsocserveronline.read-books.org |
|
| Details | Domain | 1 | jsucket.hackermind.info |
|
| Details | Domain | 1 | judalien.ddns.net |
|
| Details | Domain | 1 | jupita10.ddns.net |
|
| Details | Domain | 1 | just2015.ddns.net |
|
| Details | Domain | 1 | justicebro.linkpc.net |
|
| Details | Domain | 1 | justicsbro.linkpc.net |
|
| Details | Domain | 1 | justicsbro.no-ip.org |
|
| Details | Domain | 1 | justics.no-ip.org |
|
| Details | Domain | 1 | justnd2001.no-ip.biz |
|
| Details | Domain | 1 | jvaoluwade.ddns.net |
|
| Details | Domain | 1 | kane2244.ddns.net |
|
| Details | Domain | 1 | keithoffman25.ddns.net |
|
| Details | Domain | 1 | kifego.servehalflife.com |
|
| Details | Domain | 1 | kingsman.no-ip.org |
|
| Details | Domain | 1 | kipapos.gotdns.ch |
|
| Details | Domain | 1 | kissfromarose.ddns.net |
|
| Details | Domain | 1 | klasik101.ddns.net |
|
| Details | Domain | 1 | klydest.ddns.net |
|
| Details | Domain | 1 | kokoman.no-ip.biz |
|
| Details | Domain | 1 | kuom.ddns.net |
|
| Details | Domain | 1 | lagostj.servebeer.com |
|
| Details | Domain | 1 | lashsecurities.ddns.net |
|
| Details | Domain | 1 | lawrex.publicvm.com |
|
| Details | Domain | 1 | layziebone009.ddns.net |
|
| Details | Domain | 1 | leonardomateus131.ddns.net |
|
| Details | Domain | 1 | leosplint86.ddns.net |
|
| Details | Domain | 1 | link2bros.ddns.net |
|
| Details | Domain | 1 | link2bross.ddns.net |
|
| Details | Domain | 1 | linsom05.noip.me |
|
| Details | Domain | 1 | lisalove.myftp.biz |
|
| Details | Domain | 1 | livesyn03.midexim.com |
|
| Details | Domain | 1 | loandept2281.ddns.net |
|
| Details | Domain | 1 | logisticsltd.no-ip.biz |
|
| Details | Domain | 1 | madman1.ddns.net |
|
| Details | Domain | 1 | magabox126.ddns.net |
|
| Details | Domain | 1 | mainlandbridge.ddns.net |
|
| Details | Domain | 1 | mariopuzo.ddns.net |
|
| Details | Domain | 1 | mascott.ddns.net |
|
| Details | Domain | 1 | masterchris211.ddns.net |
|
| Details | Domain | 1 | masterchris221.ddns.net |
|
| Details | Domain | 1 | mavado.serveblog.net |
|
| Details | Domain | 1 | max1239.ddns.net |
|
| Details | Domain | 1 | mcvin.corotext.com |
|
| Details | Domain | 1 | mega123b.ddns.net |
|
| Details | Domain | 1 | mikey0147.ddns.net |
|
| Details | Domain | 1 | mikkyserial.redirectme.net |
|
| Details | Domain | 1 | millzjsoctrinwi80gm.duckdns.org |
|
| Details | Domain | 1 | money12.from-ny.net |
|
| Details | Domain | 1 | moneyboss.ddns.net |
|
| Details | Domain | 1 | moneycee.ddns.net |
|
| Details | Domain | 1 | moneymind.ddns.net |
|
| Details | Domain | 1 | moore11.no-ip.info |
|
| Details | Domain | 1 | morval.ddns.net |
|
| Details | Domain | 1 | mrmoney.no-ip.biz |
|
| Details | Domain | 1 | mropera12.no-ip.biz |
|
| Details | Domain | 1 | mukor.ddns.net |
|
| Details | Domain | 1 | munachim.linkpc.net |
|
| Details | Domain | 1 | muratozkan.ddns.net |
|
| Details | Domain | 1 | myifyboy.serveftp.com |
|
| Details | Domain | 1 | mypres001.serveftp.com |
|
| Details | Domain | 1 | myyveon.ddns.net |
|
| Details | Domain | 1 | nbw09o.gotdns.ch |
|
| Details | Domain | 1 | newbj.no-ip.biz |
|
| Details | Domain | 1 | nickre015jsock.duckdns.org |
|
| Details | Domain | 1 | nikresut015js.no-ip.org |
|
| Details | Domain | 2 | nikresut015js.zapto.org |
|
| Details | Domain | 1 | nklove66.no-ip.info |
|
| Details | Domain | 1 | nonnykey.ddns.net |
|
| Details | Domain | 1 | nono147.ddns.net |
|
| Details | Domain | 1 | oba147.ddns.net |
|
| Details | Domain | 1 | obaniko1111.ddns.net |
|
| Details | Domain | 1 | obicharls.redirectme.net |
|
| Details | Domain | 1 | officetartousi.no-ip.biz |
|
| Details | Domain | 1 | ogawilli.collegefan.org |
|
| Details | Domain | 1 | okoro.ddns.net |
|
| Details | Domain | 1 | okpole123.ddns.net |
|
| Details | Domain | 1 | okwychrist2004.gotdns.ch |
|
| Details | Domain | 1 | olavroy44.ddns.net |
|
| Details | Domain | 1 | olavroy4.ddns.net |
|
| Details | Domain | 1 | omaricha.no-ip.org |
|
| Details | Domain | 1 | ome.no-ip.info |
|
| Details | Domain | 1 | otimmo.ddns.net |
|
| Details | Domain | 1 | ottimo.ddns.net |
|
| Details | Domain | 1 | otunba.ddns.net |
|
| Details | Domain | 1 | panel2.collegefan.org |
|
| Details | Domain | 1 | passmore1.publicvm.com |
|
| Details | Domain | 1 | perfomiracles247.duckdns.org |
|
| Details | Domain | 1 | peter123456.ddns.net |
|
| Details | Domain | 1 | phcity2090.bounceme.net |
|
| Details | Domain | 1 | philsa.ddns.net |
|
| Details | Domain | 1 | plainview.duckdns.org |
|
| Details | Domain | 1 | plainview.myvnc.com |
|
| Details | Domain | 1 | ppppppp12.ddns.net |
|
| Details | Domain | 1 | prince240.no-ip.biz |
|
| Details | Domain | 1 | prince24.ddns.net |
|
| Details | Domain | 1 | professor.myvnc.com |
|
| Details | Domain | 1 | psarda.ddns.net |
|
| Details | Domain | 1 | quaver.publicvm.com |
|
| Details | Domain | 1 | rayman.ddns.net |
|
| Details | Domain | 1 | reversebaglanti.com |
|
| Details | Domain | 1 | rmg-20.ddns.net |
|
| Details | Domain | 1 | roadmaster2013.ddns.net |
|
| Details | Domain | 1 | rx450.ddns.net |
|
| Details | Domain | 1 | salesexport.sytes.net |
|
| Details | Domain | 1 | saleshore201.serveblog.net |
|
| Details | Domain | 1 | sambahs.ddns.net |
|
| Details | Domain | 1 | septt.dvrcam.info |
|
| Details | Domain | 1 | serialcheck55.serveblog.net |
|
| Details | Domain | 1 | settlement.ddns.net |
|
| Details | Domain | 1 | shadowmek.ddns.net |
|
| Details | Domain | 1 | shadowmekz.ddns.net |
|
| Details | Domain | 1 | silverback.noip.me |
|
| Details | Domain | 1 | smart12456.ddns.net |
|
| Details | Domain | 1 | songs.linkpc.net |
|
| Details | Domain | 1 | spa1dingdiljayah.no-ip.biz |
|
| Details | Domain | 1 | star01.ddns.net |
|
| Details | Domain | 1 | starboy.noip.me |
|
| Details | Domain | 1 | starboy.ufcfan.org |
|
| Details | Domain | 1 | stevemartins02.no-ip.biz |
|
| Details | Domain | 1 | stitatn.no-ip.org |
|
| Details | Domain | 1 | swift.ddns.net |
|
| Details | Domain | 1 | tanwilliam.ddns.net |
|
| Details | Domain | 1 | taraba111.gotdns.ch |
|
| Details | Domain | 1 | tcheckk.ddns.net |
|
| Details | Domain | 1 | tchecks.ddns.net |
|
| Details | Domain | 1 | tetetes2222.chickenkiller.com |
|
| Details | Domain | 1 | theman111.ddns.net |
|
| Details | Domain | 1 | thisreason.ddns.net |
|
| Details | Domain | 1 | tiwamade.ddns.net |
|
| Details | Domain | 1 | toba123.ddns.net |
|
| Details | Domain | 1 | tojaxx.ddns.net |
|
| Details | Domain | 1 | tonychucks.chickenkiller.com |
|
| Details | Domain | 1 | toolsoffice.ddns.net |
|
| Details | Domain | 1 | tpalmer1955.ddns.net |
|
| Details | Domain | 1 | trusplus111.gotdns.ch |
|
| Details | Domain | 1 | ucnas2008.ddns.net |
|
| Details | Domain | 1 | uniteknolog.ddns.net |
|
| Details | Domain | 1 | uniteknolog.duckdns.org |
|
| Details | Domain | 1 | upright22.no-ip.org |
|
| Details | Domain | 1 | upright2.no-ip.org |
|
| Details | Domain | 1 | uyu.webhop.me |
|
| Details | Domain | 1 | valchijioke.publicvm.com |
|
| Details | Domain | 1 | vasocserver.read-books.org |
|
| Details | Domain | 1 | vaspakou.ddns.net |
|
| Details | Domain | 1 | versionfive.ddns.net |
|
| Details | Domain | 1 | vivipas.ddnsking.com |
|
| Details | Domain | 1 | vmoney.ddns.net |
|
| Details | Domain | 1 | web2016web.webhop.me |
|
| Details | Domain | 1 | wellspring4life.ddns.net |
|
| Details | Domain | 1 | whichway.ddns.net |
|
| Details | Domain | 1 | willyd01.ddns.net |
|
| Details | Domain | 1 | wlkd.myftp.org |
|
| Details | Domain | 1 | workshopjs.ddns.net |
|
| Details | Domain | 1 | workshopjs.fishdns.com |
|
| Details | Domain | 1 | writtings.ddns.net |
|
| Details | Domain | 1 | xsubin3310.sytes.net |
|
| Details | Domain | 1 | ypfbackup.mylenovoemc.com |
|
| Details | Domain | 1 | zivva007.ddns.net |
|
| Details | Domain | 1 | zoee.noip.me |
|
| Details | Domain | 15 | trojan.java |
|
| Details | Domain | 1 | trojan.java.agent.fm |
|
| Details | Domain | 1 | trojan.java.agent.fo |
|
| Details | Domain | 1 | trojan.java.agent.fr |
|
| Details | Domain | 1 | trojan.java.agent.cy |
|
| Details | Domain | 1 | trojan.java.agent.dz |
|
| Details | Domain | 1 | backdoor.java.agent.am |
|
| Details | Domain | 11 | backdoor.java |
|
| Details | 147 | intelreports@kaspersky.com |
||
| Details | 1 | fariastreball@hotmail.com |
||
| Details | 1 | alst@alst.ru |
||
| Details | 1 | shahirahbnm@bnm.gov.my |
||
| Details | 1 | s.mushtaha@ajmanbank.ae |
||
| Details | 1 | 20150915040911.12515.48985@hosting.goodluckdomain.com |
||
| Details | 1 | tradefinance.helsinki@nordea.com |
||
| Details | 1 | nitsirt@nordea.com |
||
| Details | 2 | vitaly.kamluk@kaspersky.com |
||
| Details | File | 1 | seerver.jar |
|
| Details | File | 2 | confidencial.pdf |
|
| Details | File | 2 | confidential.pdf |
|
| Details | File | 1 | file2.vbs |
|
| Details | File | 1 | file2.jar |
|
| Details | File | 4 | hosting.reg |
|
| Details | File | 1 | jobs.apk |
|
| Details | File | 1 | moneylaunderingreporta00283b.jar |
|
| Details | File | 13 | no-ip.inf |
|
| Details | File | 5 | org.js |
|
| Details | File | 1 | assylias.inc |
|
| Details | File | 1 | moneylaunderingletter.doc |
|
| Details | File | 1 | 14425380141.db |
|
| Details | File | 1 | ttdetails.doc |
|
| Details | File | 1 | bankwire-details.doc |
|
| Details | File | 1 | freshnow.exe |
|
| Details | File | 31 | writeup.jsp |
|
| Details | File | 1 | fta_1013_rat_in_a_jar.pdf |
|
| Details | File | 1 | alienspy-decrypt-v2.py |
|
| Details | File | 816 | index.html |
|
| Details | File | 1 | alienspy-java-rat-samples-and-traffic.html |
|
| Details | File | 1 | alienspy-java-rat-overview.html |
|
| Details | File | 40 | viewtopic.php |
|
| Details | File | 7 | useraccountcontrolsettings.exe |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 56 | processhacker.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 18 | msascui.exe |
|
| Details | File | 198 | msmpeng.exe |
|
| Details | File | 3 | mpuxsrv.exe |
|
| Details | File | 97 | mpcmdrun.exe |
|
| Details | File | 71 | wireshark.exe |
|
| Details | File | 9 | tshark.exe |
|
| Details | File | 2 | text2pcap.exe |
|
| Details | File | 6 | rawshark.exe |
|
| Details | File | 4 | mergecap.exe |
|
| Details | File | 2 | editcap.exe |
|
| Details | File | 30 | dumpcap.exe |
|
| Details | File | 2 | capinfos.exe |
|
| Details | File | 14 | mbam.exe |
|
| Details | File | 3 | mbamscheduler.exe |
|
| Details | File | 28 | mbamservice.exe |
|
| Details | File | 6 | adawareservice.exe |
|
| Details | File | 5 | adawaretray.exe |
|
| Details | File | 3 | webcompanion.exe |
|
| Details | File | 3 | adawaredesktop.exe |
|
| Details | File | 4 | v3main.exe |
|
| Details | File | 8 | v3svc.exe |
|
| Details | File | 2 | v3up.exe |
|
| Details | File | 3 | v3sp.exe |
|
| Details | File | 1 | v3proxy.exe |
|
| Details | File | 4 | v3medic.exe |
|
| Details | File | 2 | bgscan.exe |
|
| Details | File | 10 | bullguard.exe |
|
| Details | File | 4 | bullguardbhvscanner.exe |
|
| Details | File | 2 | bullguarscanner.exe |
|
| Details | File | 3 | littlehook.exe |
|
| Details | File | 5 | bullguardupdate.exe |
|
| Details | File | 4 | clamscan.exe |
|
| Details | File | 4 | clamtray.exe |
|
| Details | File | 4 | clamwin.exe |
|
| Details | File | 11 | cis.exe |
|
| Details | File | 5 | cistray.exe |
|
| Details | File | 23 | cmdagent.exe |
|
| Details | File | 3 | cavwp.exe |
|
| Details | File | 3 | dragon_updater.exe |
|
| Details | File | 3 | mwagent.exe |
|
| Details | File | 2 | mwaser.exe |
|
| Details | File | 2 | consctlx.exe |
|
| Details | File | 3 | avpmapp.exe |
|
| Details | File | 3 | econceal.exe |
|
| Details | File | 4 | escanmon.exe |
|
| Details | File | 3 | escanpro.exe |
|
| Details | File | 2 | traysser.exe |
|
| Details | File | 4 | trayicos.exe |
|
| Details | File | 3 | econser.exe |
|
| Details | File | 2 | viewtcp.exe |
|
| Details | File | 2 | fshdll64.exe |
|
| Details | File | 6 | fsgk32.exe |
|
| Details | File | 12 | fshoster32.exe |
|
| Details | File | 7 | fsma32.exe |
|
| Details | File | 6 | fsorsp.exe |
|
| Details | File | 7 | fssm32.exe |
|
| Details | File | 8 | fsm32.exe |
|
| Details | File | 2 | trigger.exe |
|
| Details | File | 5 | fprottray.exe |
|
| Details | File | 4 | fpwin.exe |
|
| Details | File | 6 | fpavserver.exe |
|
| Details | File | 4 | avk.exe |
|
| Details | File | 1 | gdbginx64.exe |
|
| Details | File | 6 | avkproxy.exe |
|
| Details | File | 18 | gdscan.exe |
|
| Details | File | 2 | avkwctlx64.exe |
|
| Details | File | 7 | avkservice.exe |
|
| Details | File | 8 | avktray.exe |
|
| Details | File | 3 | gdkbfltexe32.exe |
|
| Details | File | 3 | gdsc.exe |
|
| Details | File | 3 | virusutilities.exe |
|
| Details | File | 4 | guardxservice.exe |
|
| Details | File | 2 | guardxkickoff_x64.exe |
|
| Details | File | 4 | iptray.exe |
|
| Details | File | 3 | freshclam.exe |
|
| Details | File | 2 | freshclamwrap.exe |
|
| Details | File | 2 | k7rtscan.exe |
|
| Details | File | 2 | k7fwsrvc.exe |
|
| Details | File | 2 | k7pssrvc.exe |
|
| Details | File | 2 | k7emlpxy.exe |
|
| Details | File | 8 | k7tsecurity.exe |
|
| Details | File | 4 | k7avscan.exe |
|
| Details | File | 2 | k7crvsvc.exe |
|
| Details | File | 10 | k7sysmon.exe |
|
| Details | File | 4 | k7tsmain.exe |
|
| Details | File | 2 | k7tsmngr.exe |
|
| Details | File | 3 | nanosvc.exe |
|
| Details | File | 4 | nanoav.exe |
|
| Details | File | 3 | nnf.exe |
|
| Details | File | 2 | nvcsvc.exe |
|
| Details | File | 2 | nbrowser.exe |
|
| Details | File | 2 | nseupdatesvc.exe |
|
| Details | File | 2 | nfservice.exe |
|
| Details | File | 2 | nwscmon.exe |
|
| Details | File | 2 | njeeves2.exe |
|
| Details | File | 2 | nvcod.exe |
|
| Details | File | 4 | nvoy.exe |
|
| Details | File | 2 | zlhh.exe |
|
| Details | File | 6 | zlh.exe |
|
| Details | File | 4 | nprosec.exe |
|
| Details | File | 6 | zanda.exe |
|
| Details | File | 21 | ns.exe |
|
| Details | File | 11 | acs.exe |
|
| Details | File | 6 | op_mon.exe |
|
| Details | File | 4 | psanhost.exe |
|
| Details | File | 3 | psuamain.exe |
|
| Details | File | 5 | psuaservice.exe |
|
| Details | File | 4 | agentsvc.exe |
|
| Details | File | 2 | bdssvc.exe |
|
| Details | File | 6 | emlproxy.exe |
|
| Details | File | 2 | opssvc.exe |
|
| Details | File | 9 | onlinent.exe |
|
| Details | File | 8 | quhlpsvc.exe |
|
| Details | File | 6 | sapissvc.exe |
|
| Details | File | 9 | scanner.exe |
|
| Details | File | 4 | scanwscs.exe |
|
| Details | File | 2 | scproxysrv.exe |
|
| Details | File | 4 | scsecsvc.exe |
|
| Details | File | 9 | superantispyware.exe |
|
| Details | File | 2 | sascore64.exe |
|
| Details | File | 2 | ssupdate64.exe |
|
| Details | File | 2 | superdelete.exe |
|
| Details | File | 2 | sastask.exe |
|
| Details | File | 3 | uiwinmgr.exe |
|
| Details | File | 4 | uiwatchdog.exe |
|
| Details | File | 6 | uiseagnt.exe |
|
| Details | File | 4 | ptwatchdog.exe |
|
| Details | File | 2 | ptsvchost.exe |
|
| Details | File | 3 | ptsessionagent.exe |
|
| Details | File | 5 | coreframeworkhost.exe |
|
| Details | File | 16 | coreserviceshell.exe |
|
| Details | File | 2 | uiupdatetray.exe |
|
| Details | File | 3 | vipreui.exe |
|
| Details | File | 7 | sbamsvc.exe |
|
| Details | File | 5 | sbamtray.exe |
|
| Details | File | 4 | sbpimsvc.exe |
|
| Details | File | 2 | bavhm.exe |
|
| Details | File | 2 | bavsvc.exe |
|
| Details | File | 3 | bavtray.exe |
|
| Details | File | 2 | bav.exe |
|
| Details | File | 2 | bavwebclient.exe |
|
| Details | File | 2 | bavupdater.exe |
|
| Details | File | 2 | mcshieldccc.exe |
|
| Details | File | 2 | mcshieldrtm.exe |
|
| Details | File | 2 | mcshieldds.exe |
|
| Details | File | 1 | mcs-uninstall.exe |
|
| Details | File | 5 | sdscan.exe |
|
| Details | File | 6 | sdfssvc.exe |
|
| Details | File | 4 | sdwelcome.exe |
|
| Details | File | 5 | sdtray.exe |
|
| Details | File | 6 | unthreat.exe |
|
| Details | File | 2 | utsvc.exe |
|
| Details | File | 2 | forticlient.exe |
|
| Details | File | 3 | fcappdb.exe |
|
| Details | File | 3 | fcdblog.exe |
|
| Details | File | 3 | fchelper64.exe |
|
| Details | File | 11 | fmon.exe |
|
| Details | File | 3 | fortiesnac.exe |
|
| Details | File | 3 | fortiproxy.exe |
|
| Details | File | 3 | fortisslvpndaemon.exe |
|
| Details | File | 6 | fortitray.exe |
|
| Details | File | 1 | fortifw.exe |
|
| Details | File | 1 | forticlient_diagnostic_tool.exe |
|
| Details | File | 1 | av_task.exe |
|
| Details | File | 1 | henrygalaxy.pub |
|
| Details | File | 1 | ike-jsocket.pub |
|
| Details | File | 2 | hackermind.inf |
|
| Details | File | 1 | lawrex.pub |
|
| Details | File | 1 | passmore1.pub |
|
| Details | File | 1 | quaver.pub |
|
| Details | File | 2 | dvrcam.inf |
|
| Details | File | 1 | valchijioke.pub |
|
| Details | File | 15 | trojan.java |
|
| Details | File | 12 | backdoor.java |
|
| Details | File | 9 | trojan-downloader.vbs |
|
| Details | File | 15 | a.dat |
|
| Details | Github username | 2 | idiom |
|
| Details | Github username | 5 | kevthehermit |
|
| Details | md5 | 1 | ea68f5067c916ce6afd72aa72e89450d |
|
| Details | md5 | 1 | aa647cc251c0d63170c79c6ea64ae62d |
|
| Details | md5 | 1 | 9d28cb35d6e16f7e3c5382bcd95b621b |
|
| Details | md5 | 1 | 5a7b277e2202d308f1a755505d113986 |
|
| Details | md5 | 1 | 92e3f93d11043d5f8d20922af54ad70c |
|
| Details | md5 | 1 | 1fbd9dabfb5b4aebc382427aae9b187f |
|
| Details | md5 | 1 | e8388a2b7d8559c6f0f27ca91d004c7c |
|
| Details | md5 | 1 | 6ff5e6acb43c0bcbfd649004e96aa6d3 |
|
| Details | md5 | 1 | 214c0a42a318108838f915f4afa4a966 |
|
| Details | md5 | 1 | ae4a15544a47fd007049ca8c1a28331f |
|
| Details | md5 | 1 | 1f14bd3706f22ae03b42510940692c50 |
|
| Details | md5 | 1 | 84ac07a82e35450d258bffe01a2ac020 |
|
| Details | md5 | 1 | 8304f509fbaaa368ae8e4ddfdd36f303 |
|
| Details | md5 | 1 | 4101941083b429db7b3ed01b05d6b46a |
|
| Details | md5 | 1 | 59bd1efe85aac14a09ee2b8ed354a5d1 |
|
| Details | md5 | 1 | ac104488aa3eee51129330b26f65f306 |
|
| Details | md5 | 1 | 049b159904ba88686c5237a447e93c7a |
|
| Details | md5 | 1 | 5ec433678c3e700d0ec4b8cf7f855d19 |
|
| Details | md5 | 1 | 5fb5c494f1adc070f7291bee4f14d03e |
|
| Details | md5 | 1 | f63f98123d0ee829d5973813115e7859 |
|
| Details | md5 | 1 | 274761259f8f3a02b8fdd4a2f06611c5 |
|
| Details | md5 | 1 | c8a544468290c519e2083e35799910d3 |
|
| Details | md5 | 1 | 7b5337c7b4aca81f44dff8c5d9231d04 |
|
| Details | md5 | 1 | 3bbf0f8aec569a743fe26ad1aca7e686 |
|
| Details | md5 | 1 | 36869c86bd5d8763d6a669d222ed806d |
|
| Details | md5 | 1 | 7746109932c5a6a00b05272a96aac94a |
|
| Details | md5 | 1 | 68e06687ee72e84ae8253ea4278ff59f |
|
| Details | sha256 | 1 | 49743bb926da64c9abbc1a793ed58723b405973cd798ace928fc26b18340b708 |
|
| Details | sha256 | 1 | 12e860de446aa82044ca3e94011ac450743e6bee106c604a33b330935d2ddc00 |
|
| Details | sha256 | 1 | 50ef5396480fe75d5d68b5266471bea19524b9ac5ae18aa235de0859e617bfec |
|
| Details | sha256 | 1 | ed015d72b8c63d628e6d90e61af186ee6eb1609ee7cb8893b16ac1c5bf065659 |
|
| Details | IPv4 | 1 | 65.99.225.111 |
|
| Details | IPv4 | 1 | 37.61.235.30 |
|
| Details | IPv4 | 1 | 31.31.196.31 |
|
| Details | IPv4 | 18 | 127.0.0.2 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 14.3.210.2 |
|
| Details | IPv4 | 1 | 8.15.0.59 |
|
| Details | IPv4 | 1 | 5.254.106.216 |
|
| Details | IPv4 | 3 | 2.5.29.14 |
|
| Details | IPv4 | 1 | 180.74.97.18 |
|
| Details | IPv4 | 1 | 209.160.24.197 |
|
| Details | IPv4 | 1 | 192.230.37.86 |
|
| Details | IPv4 | 1 | 169.254.2.94 |
|
| Details | IPv4 | 1 | 10.16.118.66 |
|
| Details | IPv4 | 1 | 109.108.143.46 |
|
| Details | IPv4 | 1 | 104.27.137.248 |
|
| Details | IPv4 | 1 | 209.160.26.176 |
|
| Details | IPv4 | 1 | 108.61.224.179 |
|
| Details | IPv4 | 1 | 151.236.19.63 |
|
| Details | IPv4 | 1 | 163.47.20.20 |
|
| Details | IPv4 | 1 | 167.88.2.174 |
|
| Details | IPv4 | 1 | 174.127.99.129 |
|
| Details | IPv4 | 1 | 174.127.99.134 |
|
| Details | IPv4 | 1 | 174.127.99.135 |
|
| Details | IPv4 | 2 | 174.127.99.234 |
|
| Details | IPv4 | 1 | 185.17.1.60 |
|
| Details | IPv4 | 1 | 185.17.1.72 |
|
| Details | IPv4 | 1 | 185.17.1.80 |
|
| Details | IPv4 | 1 | 193.105.134.78 |
|
| Details | IPv4 | 1 | 212.7.208.88 |
|
| Details | IPv4 | 1 | 216.185.114.219 |
|
| Details | IPv4 | 1 | 216.38.2.192 |
|
| Details | IPv4 | 1 | 5.254.112.36 |
|
| Details | IPv4 | 1 | 79.172.242.97 |
|
| Details | IPv4 | 1 | 91.236.116.105 |
|
| Details | IPv4 | 1 | 95.140.125.35 |
|
| Details | IPv4 | 1 | 95.140.125.37 |
|
| Details | IPv4 | 1 | 103.25.58.218 |
|
| Details | IPv4 | 1 | 104.152.185.187 |
|
| Details | IPv4 | 1 | 104.202.126.19 |
|
| Details | IPv4 | 1 | 107.161.114.56 |
|
| Details | IPv4 | 1 | 109.73.76.106 |
|
| Details | IPv4 | 1 | 134.19.176.153 |
|
| Details | IPv4 | 1 | 149.202.153.121 |
|
| Details | IPv4 | 1 | 149.71.103.182 |
|
| Details | IPv4 | 1 | 162.13.83.237 |
|
| Details | IPv4 | 1 | 167.88.14.106 |
|
| Details | IPv4 | 1 | 173.209.43.46 |
|
| Details | IPv4 | 1 | 173.254.223.111 |
|
| Details | IPv4 | 1 | 173.254.223.116 |
|
| Details | IPv4 | 1 | 173.254.223.66 |
|
| Details | IPv4 | 1 | 173.254.223.86 |
|
| Details | IPv4 | 1 | 174.127.99.130 |
|
| Details | IPv4 | 1 | 174.127.99.150 |
|
| Details | IPv4 | 1 | 174.127.99.152 |
|
| Details | IPv4 | 1 | 174.127.99.154 |
|
| Details | IPv4 | 1 | 174.127.99.159 |
|
| Details | IPv4 | 1 | 174.127.99.161 |
|
| Details | IPv4 | 1 | 174.127.99.167 |
|
| Details | IPv4 | 1 | 174.127.99.183 |
|
| Details | IPv4 | 1 | 174.127.99.188 |
|
| Details | IPv4 | 1 | 174.127.99.195 |
|
| Details | IPv4 | 1 | 174.127.99.220 |
|
| Details | IPv4 | 1 | 178.175.138.166 |
|
| Details | IPv4 | 1 | 178.175.138.168 |
|
| Details | IPv4 | 1 | 178.175.138.207 |
|
| Details | IPv4 | 1 | 178.175.138.238 |
|
| Details | IPv4 | 1 | 184.17.1.67 |
|
| Details | IPv4 | 1 | 184.75.210.205 |
|
| Details | IPv4 | 1 | 185.10.56.24 |
|
| Details | IPv4 | 1 | 185.17.1.160 |
|
| Details | IPv4 | 1 | 185.17.1.162 |
|
| Details | IPv4 | 1 | 185.17.1.166 |
|
| Details | IPv4 | 1 | 185.17.1.182 |
|
| Details | IPv4 | 1 | 185.17.1.190 |
|
| Details | IPv4 | 1 | 185.17.1.194 |
|
| Details | IPv4 | 1 | 185.17.1.198 |
|
| Details | IPv4 | 1 | 185.17.1.205 |
|
| Details | IPv4 | 1 | 185.17.1.206 |
|
| Details | IPv4 | 1 | 185.17.1.223 |
|
| Details | IPv4 | 1 | 185.17.1.226 |
|
| Details | IPv4 | 1 | 185.17.1.227 |
|
| Details | IPv4 | 1 | 185.17.1.229 |
|
| Details | IPv4 | 1 | 185.17.1.235 |
|
| Details | IPv4 | 1 | 185.17.1.242 |
|
| Details | IPv4 | 1 | 185.17.1.250 |
|
| Details | IPv4 | 1 | 185.17.1.48 |
|
| Details | IPv4 | 1 | 185.17.1.68 |
|
| Details | IPv4 | 1 | 185.17.1.70 |
|
| Details | IPv4 | 1 | 185.17.1.71 |
|
| Details | IPv4 | 1 | 185.19.85.151 |
|
| Details | IPv4 | 1 | 185.24.234.50 |
|
| Details | IPv4 | 2 | 185.29.9.16 |
|
| Details | IPv4 | 1 | 185.32.221.5 |
|
| Details | IPv4 | 1 | 185.5.175.222 |
|
| Details | IPv4 | 1 | 185.75.59.145 |
|
| Details | IPv4 | 1 | 185.84.181.73 |
|
| Details | IPv4 | 1 | 185.84.181.79 |
|
| Details | IPv4 | 1 | 185.84.181.80 |
|
| Details | IPv4 | 1 | 185.84.181.81 |
|
| Details | IPv4 | 1 | 185.84.181.82 |
|
| Details | IPv4 | 1 | 185.84.181.85 |
|
| Details | IPv4 | 1 | 185.84.181.92 |
|
| Details | IPv4 | 1 | 185.84.181.94 |
|
| Details | IPv4 | 1 | 185.84.181.96 |
|
| Details | IPv4 | 1 | 188.95.54.106 |
|
| Details | IPv4 | 1 | 191.101.151.13 |
|
| Details | IPv4 | 1 | 192.64.11.253 |
|
| Details | IPv4 | 1 | 198.101.10.208 |
|
| Details | IPv4 | 1 | 198.27.105.165 |
|
| Details | IPv4 | 1 | 198.27.126.224 |
|
| Details | IPv4 | 1 | 198.50.222.252 |
|
| Details | IPv4 | 1 | 198.50.248.30 |
|
| Details | IPv4 | 1 | 199.16.31.184 |
|
| Details | IPv4 | 1 | 199.16.31.186 |
|
| Details | IPv4 | 1 | 199.255.138.17 |
|
| Details | IPv4 | 1 | 199.255.138.19 |
|
| Details | IPv4 | 1 | 199.255.138.38 |
|
| Details | IPv4 | 1 | 199.255.138.43 |
|
| Details | IPv4 | 1 | 204.152.219.120 |
|
| Details | IPv4 | 1 | 204.152.219.70 |
|
| Details | IPv4 | 1 | 204.45.207.49 |
|
| Details | IPv4 | 1 | 204.45.207.53 |
|
| Details | IPv4 | 1 | 212.7.208.71 |
|
| Details | IPv4 | 1 | 212.7.208.86 |
|
| Details | IPv4 | 1 | 212.7.218.136 |
|
| Details | IPv4 | 1 | 213.184.126.142 |
|
| Details | IPv4 | 1 | 213.208.129.204 |
|
| Details | IPv4 | 2 | 213.208.129.211 |
|
| Details | IPv4 | 1 | 213.208.129.218 |
|
| Details | IPv4 | 1 | 213.208.129.220 |
|
| Details | IPv4 | 1 | 213.208.152.218 |
|
| Details | IPv4 | 1 | 216.107.152.237 |
|
| Details | IPv4 | 1 | 216.38.2.216 |
|
| Details | IPv4 | 1 | 216.38.8.189 |
|
| Details | IPv4 | 1 | 23.105.128.147 |
|
| Details | IPv4 | 1 | 23.105.128.148 |
|
| Details | IPv4 | 1 | 23.105.131.155 |
|
| Details | IPv4 | 1 | 23.105.131.188 |
|
| Details | IPv4 | 2 | 23.105.131.209 |
|
| Details | IPv4 | 1 | 23.227.196.198 |
|
| Details | IPv4 | 1 | 23.227.196.207 |
|
| Details | IPv4 | 1 | 23.227.199.118 |
|
| Details | IPv4 | 1 | 23.227.199.121 |
|
| Details | IPv4 | 1 | 23.227.199.72 |
|
| Details | IPv4 | 1 | 23.231.23.182 |
|
| Details | IPv4 | 1 | 31.171.155.72 |
|
| Details | IPv4 | 1 | 46.151.208.242 |
|
| Details | IPv4 | 1 | 46.20.33.104 |
|
| Details | IPv4 | 1 | 46.20.33.76 |
|
| Details | IPv4 | 1 | 50.7.199.164 |
|
| Details | IPv4 | 1 | 51.254.21.25 |
|
| Details | IPv4 | 1 | 5.187.34.231 |
|
| Details | IPv4 | 1 | 5.254.106.208 |
|
| Details | IPv4 | 1 | 5.254.106.251 |
|
| Details | IPv4 | 1 | 5.254.112.21 |
|
| Details | IPv4 | 1 | 5.254.112.24 |
|
| Details | IPv4 | 1 | 5.254.112.56 |
|
| Details | IPv4 | 1 | 5.254.112.60 |
|
| Details | IPv4 | 1 | 5.79.79.67 |
|
| Details | IPv4 | 1 | 5.79.79.70 |
|
| Details | IPv4 | 1 | 67.215.4.74 |
|
| Details | IPv4 | 1 | 67.215.4.75 |
|
| Details | IPv4 | 1 | 67.215.9.231 |
|
| Details | IPv4 | 1 | 67.215.9.232 |
|
| Details | IPv4 | 1 | 67.215.9.235 |
|
| Details | IPv4 | 1 | 69.65.7.141 |
|
| Details | IPv4 | 1 | 79.172.242.87 |
|
| Details | IPv4 | 1 | 80.82.209.178 |
|
| Details | IPv4 | 1 | 82.221.111.133 |
|
| Details | IPv4 | 1 | 85.195.203.29 |
|
| Details | IPv4 | 1 | 85.195.203.33 |
|
| Details | IPv4 | 1 | 85.195.203.9 |
|
| Details | IPv4 | 1 | 89.163.154.145 |
|
| Details | IPv4 | 1 | 91.109.22.100 |
|
| Details | IPv4 | 1 | 91.236.116.136 |
|
| Details | IPv4 | 1 | 94.156.219.237 |
|
| Details | IPv4 | 1 | 95.140.125.46 |
|
| Details | IPv4 | 1 | 95.140.125.62 |
|
| Details | IPv4 | 1 | 95.140.125.76 |
|
| Details | IPv4 | 2 | 95.140.125.85 |
|
| Details | Url | 1 | http://wadesaba.com/admin/file2.vbs |
|
| Details | Url | 1 | http://wadesaba.com/admin/file2.jar |
|
| Details | Url | 1 | https://jsocket.org/page/profile/egombute |
|
| Details | Url | 1 | http://blog.trendmicro.com/trendlabs-security-intelligence/nigerian-cuckoo- |
|
| Details | Url | 1 | https://malwr.com/analysis/zhlytkwnje2yjuwndflyzlhy2zjmtq1nzqwzjnmmge |
|
| Details | Url | 1 | https://www.symantec.com/security_response/writeup.jsp?docid=2013 |
|
| Details | Url | 1 | https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml |
|
| Details | Url | 1 | http://telussecuritylabs.com/threats/show/tsl20141118-03 |
|
| Details | Url | 1 | http://blog.crowdstrike.com/adwind-rat-rebranding |
|
| Details | Url | 1 | https://www.fidelissecurity.com/sites/default/files/fta_1013_rat_in_a_jar.pdf |
|
| Details | Url | 1 | https://isc.sans.edu/forums/diary/adwind |
|
| Details | Url | 1 | https://github.com/idiom/irscripts/blob/master/alienspy-decrypt-v2.py |
|
| Details | Url | 1 | http://www.malware-traffic-analysis.net/2015/08/06/index.html |
|
| Details | Url | 1 | http://contagiodump.blogspot.ca/2014/11/alienspy-java-rat-samples-and-traffic.html |
|
| Details | Url | 1 | http://motherboard.vice.com/read/malware-hunter-finds-spyware-used-against- |
|
| Details | Url | 1 | http://www.symantec.com/connect/blogs/terror-alert-spam-targets-middle-east- |
|
| Details | Url | 1 | https://github.com/kevthehermit/ratdecoders |
|
| Details | Url | 1 | http://blog.idiom.ca/2015/03/alienspy-java-rat-overview.html |
|
| Details | Url | 1 | https://boredliner.wordpress.com/2014/02/07/cracking-obfuscated-java-code- |
|
| Details | Url | 1 | https://www.proofpoint.com/us/threat-insight/post/you-dirty-rat |
|
| Details | Url | 1 | http://www.indetectables.net/viewtopic.php?f=92&t=36954& |
|
| Details | Windows Registry Key | 104 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 36 | HKEY_CURRENT_USER\Software\Microsoft\Windows |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft |
|
| Details | Yara rule | 1 | rule Adwind_JAR_PACKA {
meta:
author = "Vitaly Kamluk, Vitaly.Kamluk@kaspersky.com"
last_modified = "2015-11-30"
strings:
$b1 = ".class"
$b2 = "c/a/a/"
$b3 = "b/a/"
$b4 = "a.dat"
$b5 = "META-INF/MANIFEST.MF"
condition:
int16(0) == 0x4B50 and ($b1 and $b2 and $b3 and $b4 and $b5)
} |
|
| Details | Yara rule | 1 | rule Adwind_JAR_PACKB {
meta:
author = "Vitaly Kamluk, Vitaly.Kamluk@kaspersky.com"
last_modified = "2015-11-30"
strings:
$c1 = "META-INF/MANIFEST.MF"
$c2 = "main/Start.class"
$a1 = "config/config.perl"
$b1 = "java/textito.isn"
condition:
int16(0) == 0x4B50 and ($c1 and $c2 and ($a1 or $b1))
} |