Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: May 2016

Subscribe Today!

About Me

Dancho Danchev

Threat Intelligence Analysis (OSINT/Cyber Counter Threat Intelligence/). Clandestine Operations, Cyberspace Operator Management, Black Ops, Tailored Access Operations, Cyber Warfare Analysis, Offensive Cyber Warfare Operator Management, Technical Collector. Approach me ddanchev@confidantmail.org ecad935e498773ce60d0cd2093a7755dedcdedc5

View my complete profile

Donate Today!

Followers
Categories
- 419 Scam (2)
- AbdAllah (1)
- Abdallah Internet Hizmetleri (1)
- Able Danger (1)
- Active Security Monitor (1)
- Advance Fee Scam (1)
- Advertising (2)
- Adware (2)
- Affiliate Network (5)
- Al Qaeda (1)
- Allied Group Inc (1)
- Amazon AWS (1)
- ANA Spoofer Project (1)
- Anonymity (31)
- Anonymizer (1)
- Anti-Phishing Group (1)
- Antivirus (6)
- Antivirus Signatures (3)
- Anton Nikolaevich Korotchenko (1)
- AOL (2)
- Apple (1)
- ASProx (2)
- Astalavista (3)
- ATM Skimmer (1)
- ATS (1)
- Authentication (2)
- Avalance Botnet (2)
- BadB (1)
- Bahama Botnet (1)
- BakaSoftware (1)
- Bantu (1)
- Bebo (1)
- Bed Time Reading (1)
- Best Practices (2)
- BGP (1)
- Big Brother (3)
- Bill Gates Botnet (1)
- Biometrics (1)
- Bjorn Andreasson (1)
- Blackhat SEO (24)
- Boeing (1)
- Bogus Account (1)
- Botnet (105)
- Brute-Forcing (1)
- C4I (1)
- CALEA (1)
- Candid Wuest (1)
- Career Enrichment (1)
- Cash Transfers (1)
- CCTV (1)
- CDT (1)
- CellDEK (1)
- Censorship (26)
- Center for Democracy and Technology (1)
- CERT (1)
- Cheyenne Mountain Operations Center (1)
- Child Pornography (1)
- China (6)
- China Eagle Union (1)
- CIA (5)
- CipherTrust (1)
- Classified Information (1)
- Client-Side Exploits (28)
- Client-Side Vulnerabilities (28)
- CNO (1)
- COMINT (1)
- Competitive Intelligence (3)
- Compliance (3)
- Computer Crime Survey (1)
- Computer Network Operation (1)
- Conficker (1)
- Confidential Connections (1)
- Conspiracy (1)
- Conspiracy Theory (1)
- Cookies (1)
- Corporate Risk Management (4)
- Credit Cards (3)
- Crimeware (2)
- Critical Infrastructure (2)
- Crusade Affiliates (1)
- Crypters (1)
- Cryptography (4)
- Cryptome (2)
- Cryptoviral Extortion (1)
- CSIA (2)
- Cyber Attack (5)
- Cyber Espionage (6)
- Cyber Insurance (1)
- Cyber Jihad (14)
- Cyber Militia (4)
- Cyber Security Industry Alliance (1)
- Cyber Security Investment (3)
- Cyber Terrorism (20)
- Cyber Warfare (28)
- Cybercrime (98)
- Cyberpunk (4)
- Cyberspace (16)
- Daniel Brandt (1)
- Dark Forum (1)
- DarkComet RAT (1)
- Data Acquisition (1)
- Data Breach (6)
- Data Center (1)
- Data Mining (6)
- David Endler (2)
- DDoS (7)
- Defense Complex (1)
- Denmark (1)
- DHS (1)
- Digital Armaments (1)
- Digital Forensics (2)
- Digital Rights (8)
- Dilbert (1)
- Distributed Computing (4)
- Distributed Computing Project (4)
- Distributed Project (4)
- DNS (2)
- DNS Changer (1)
- DoJ (1)
- DotCom (1)
- DreamHost (1)
- Dropbox (1)
- DVD of the Weekend (4)
- E-Banking (2)
- E-Business (3)
- E-Commerce (2)
- Eavesdropping (17)
- Ebay (1)
- ECHELON (2)
- ECOFIN Projects (1)
- Economics (3)
- eID (1)
- Electromagnetic Pulse Weapons (3)
- Electronic Banking (1)
- ELINT (1)
- EMP (3)
- Encrypted Communication (5)
- Encryption (5)
- Enigma (2)
- ENISA (1)
- Enki Bilal (1)
- Enron (1)
- Erasmus Bridge (1)
- Eric Goldman (2)
- Espionage (3)
- Exmanoize (1)
- Exploit Broker (10)
- Exploits (37)
- Eyeball Series (1)
- F-Secure (1)
- Facebook (15)
- Fake Account (1)
- Fake Adobe Flash Player (4)
- Fake Certificate (1)
- Fake Chrome Extension (1)
- Fake Chrome Update (1)
- Fake Code Signing Certificate (1)
- Fake Confirmed Facebook Friend Request Email (1)
- Fake Documents (6)
- Fake Facebook Notification (1)
- Fake Facebook Profile Spy Application (1)
- Fake Firefox Update (1)
- Fake Hosting Provider (1)
- Fake ID (7)
- Fake Internet Explorer Update (1)
- Fake Passport (7)
- Fake Safari Update (1)
- Fake Security Software (42)
- Fake Utility Bill (4)
- Fake Video Codec (2)
- Fake Visa (1)
- Fake Visa Application (1)
- Fake Who's Viewed Your Facebook Profile Extension (4)
- Fake YouTube Player (1)
- Fast-Flux (1)
- FBI (2)
- FBI Most Wanted (1)
- FCC (1)
- FDIC (1)
- Financial Management (1)
- FireEye (1)
- Forensics (2)
- FoxNews (1)
- Fraud (10)
- Free Speech (16)
- FSB (2)
- FTLog (1)
- FTLog Worm (1)
- Gartner (1)
- Gavril Danilkin (1)
- GazTranzitStroyInfo (1)
- Generation I (1)
- George Bush (1)
- Georgi Markov (1)
- Georgia (2)
- GiveMeDB (1)
- Global Security Challenge (1)
- GoDaddy (1)
- Google (12)
- Google Ads (1)
- Google Docs (6)
- Google Earth (4)
- Google Groups (1)
- Google Hacking (2)
- Google Maps (3)
- Google Store (1)
- Greece (1)
- Growth Hacker (2)
- GUI (1)
- Gumblar (1)
- Hacked Database (2)
- Hacking (212)
- Hacktivism (5)
- Haiti (1)
- Hezbollah (1)
- Hilary Kneber (2)
- Homebrew (1)
- Honker Union of China (1)
- ICBM (1)
- ID Theft (4)
- iDefense (3)
- Identity Theft (4)
- Illegal Hosting (1)
- IMINT (2)
- IMLogic (3)
- Information Security (327)
- Information Security Market (5)
- Information Warfare (32)
- Infrastructure Security (1)
- InqTana Mac OS X Malware (1)
- Insider (6)
- Insider Threat (7)
- Instant Messaging (6)
- Intellectual Property (1)
- Intelligence (13)
- Intelligence Agency (11)
- Intelligence Community (11)
- Internal Revenue Service (1)
- International Exploit Shop (2)
- Internet (15)
- Internet Censorship (22)
- Internet Economy (4)
- Internet Relay Chat (1)
- Investment Banking (6)
- IP Cloaking (2)
- IP Hiding (1)
- IP Spoofing (1)
- iPowerWeb (1)
- IPSec (1)
- IPv4 (1)
- IPv6 (2)
- Iran (3)
- IRC (1)
- IRS (1)
- Joanna Rutkowska (1)
- Johannes Ullrich (2)
- John Young (1)
- K Rudolph (1)
- Katrina (1)
- Keylogger (1)
- KGB (4)
- Koobface (24)
- Korean Demilitarized Zone (1)
- KrotReal (1)
- Latvia (1)
- Law Enforcement (2)
- Lawful Interception (1)
- Lenovo (3)
- Lizamoon (2)
- Localization (1)
- Location Tracking (2)
- Lockheed Martin (1)
- Logicube (1)
- Lone Gunmen (3)
- Lubyanka Square Headquarters (1)
- M4 Project (1)
- Mac OS X (3)
- Malicious Software (117)
- Malvertising (4)
- Marketing (2)
- Mass Web Site Defacement (2)
- Mastercard (1)
- McAfee (2)
- Metrics (1)
- Microsoft (2)
- Microsoft Live (1)
- Military Communications (1)
- Missile Base (1)
- Mobile (2)
- Mobile Internet (1)
- Mobile Location Tracking (2)
- Mobile Malware (6)
- Money Laundering (21)
- Money Mule (22)
- Money Mule Recruitment (22)
- Monoculture (1)
- Morgan Stanley (1)
- MSN (3)
- Muhammad Cartoons (1)
- MyWebFace (1)
- NASA (1)
- National Security (2)
- Native Intelligence (1)
- NBC (2)
- NetAssist LLC (1)
- NetCraft (1)
- Network Solutions (3)
- New Media (8)
- Nikolay Nedyalkov (1)
- Nikopol Trilogy (1)
- Nintendo (1)
- Nintendo DS (1)
- Norman Sandbox (1)
- North Korea (2)
- NSA (5)
- Nuclear Weapons (3)
- Nyxem (1)
- OEM (1)
- One-Time Passwords In Everything (1)
- OneCare (1)
- Online Advertising (4)
- Online Fraud (5)
- Online Marketing (3)
- Open Source Malware (3)
- OPIE (1)
- OPSEC (1)
- Osama Bin Laden (1)
- OSINT (12)
- OTC (1)
- OTP (1)
- Over-The-Counter (1)
- Packers (1)
- Parked Domains (1)
- Passwords (2)
- PayPal (1)
- Perplex City (1)
- Persistent Cookies (1)
- Personal Career (1)
- Personal Data (1)
- Pharmaceutical Scams (1)
- Phileas Crawler (1)
- Phishing (4)
- Phishing Campaign (4)
- Phishing Toolbar (2)
- PhishTube (1)
- Physical Security (1)
- Pinterest (1)
- Piracy (1)
- Point of Sale Terrminal (1)
- Politics (1)
- PornTube (1)
- POS (1)
- Potentially Unwanted Application (2)
- Privacy (31)
- Prolexic (1)
- Proxy Service (1)
- PSYOPS (1)
- Qassam Cyber Fighters (2)
- Radicati Group (1)
- Ray Kurzweil (1)
- Reconnaissance Satellite (2)
- Regulation (1)
- Remote Access Tool (1)
- Reporters Without Borders (1)
- Return On Investment (6)
- Return On Security Investment (8)
- Revolution in Militvry Affairs (1)
- RIPA (1)
- Risk Management (2)
- Rogue Account (1)
- Rogue Chrome Extension (1)
- Rogue Video Codec (1)
- Rogue YouTube Player (1)
- ROI (3)
- Roman Polesek (1)
- Root Server (2)
- Rootkit (1)
- ROSI (7)
- Russia (5)
- Russian Bomber (1)
- Russian Business Network (3)
- Russian Submarine (1)
- Safe Harbor (1)
- Satellite Imagery (3)
- Satellite Jamming (1)
- Satellite SIGINT (1)
- Scams (8)
- Scandoo (1)
- ScanSafe (1)
- Scareware (42)
- Scribd (1)
- Search Engine (9)
- Search Engine Optimization (24)
- SEC (1)
- Secure Communication (1)
- Securities and Exchange Commission (1)
- Security (332)
- Security Awareness (1)
- Security Breach (4)
- Security Education (1)
- Security Game (1)
- Security Industry (6)
- Security Interviews (3)
- Security Investment (1)
- Security Metrics (3)
- Security Statistics (3)
- Security Training (1)
- Security Trends (8)
- Sensitive Information (2)
- Shadow Server (1)
- ShadowCrew (1)
- SIGINT (1)
- SIPRNET (2)
- SITE Institute (1)
- SiteAdvisor (4)
- Skype (2)
- Sniffing (1)
- Social Engineering (1)
- Social Network Analysis (5)
- SocialMediaSystem (1)
- Software Piracy (1)
- Sophos (1)
- Space Warfare (3)
- Space Weapons (1)
- Spam (7)
- Spam Campaign (7)
- Spam Operations (7)
- Spoofing (1)
- Sprott Asset Management (1)
- Spyware (1)
- SQL Injection (3)
- SSL (2)
- SSN (1)
- Starlight (1)
- Stealth Ideas Inc (1)
- Steganography (1)
- Stolen Credit Card (3)
- Strider Crawler (1)
- Sub7 (1)
- Suri Pluma (1)
- Surveillance (17)
- Swine Flu (1)
- Symantec (5)
- Symbian (1)
- Syria (1)
- Syrian Embassy (1)
- TAN (1)
- Tech Support Scam (1)
- Technical Collection (2)
- Technical Mujahid (1)
- Terrorism (7)
- The Bunker (1)
- The Immortals (1)
- The Lawnmower Man (2)
- The Outer Limits (4)
- Threat Intelligence (2)
- TIA (4)
- Tipping Point (1)
- Tor (1)
- TorrentReactor (1)
- Total Information Awareness (4)
- Travel Without Moving (7)
- TrendMicro (1)
- Trifinite Group (1)
- Trojan Horse (1)
- TROYAK-AS (2)
- Twitter (3)
- Two-Factor Authentication (3)
- Typosquatting (3)
- U.S Bureau of Engraving and Printing (2)
- U.S Driving License (1)
- University ID Card (1)
- VeriSign (1)
- Vertex Net Loader (1)
- Virtual Private Network (1)
- Virtual Reality (1)
- Virtual World (1)
- Virus Map (1)
- Virus Recovery Button (1)
- Viruses (2)
- VirusTotal (1)
- Visa (1)
- Visual Information System (2)
- Visualization (3)
- VoIP (2)
- VPN (1)
- Vulnerabilities (37)
- Vulnerability Broker (10)
- War Driving (1)
- War Games (1)
- Weapon Systems (1)
- Web 2.0 (2)
- Web Application Worm (1)
- Web Crawler (2)
- Web Inject (1)
- Web Proxy Service (1)
- Web Site Defacement (2)
- Webroot (1)
- Wireless (2)
- Wireless Hacking (1)
- Wireless Internet (2)
- Wiretapping (7)
- WMF Vulnerability (2)
- X-Files (2)
- XSS (1)
- Yahoo (2)
- YouTube (1)
- Zero Day Exploit (5)
- Zero Day Initiative (2)
- Zerodium (1)
- ZeuS (1)
- Zombie Alert (2)
- Zone-H (2)
- Zotob (1)
Popular Posts
Follow Me On Twitter!

Tweets by dancho_danchev

Featured Post

Exposing the Market for Stolen Credit Cards Data

Follow by Email
Archives
► 2019 (13)

► February (9)

► January (4)

► 2018 (26)

► October (25)

► July (1)

► 2017 (10)

► May (8)

► January (2)

▼ 2016 (24)

► December (12)

► August (7)

▼ May (1)

Malicious Campaign Affects Hundreds of Web Sites, ...

► April (4)

► 2015 (3)

► August (2)

► July (1)

► 2014 (11)

► October (1)

► March (3)

► January (7)

► 2013 (79)

► December (5)

► November (12)

► October (3)

► September (6)

► August (14)

► July (6)

► June (8)

► May (5)

► April (5)

► March (3)

► February (6)

► January (6)

► 2012 (38)

► December (2)

► November (7)

► October (3)

► September (4)

► August (2)

► July (2)

► June (2)

► May (4)

► April (2)

► March (2)

► February (2)

► January (6)

► 2011 (58)

► December (1)

► October (7)

► September (4)

► August (4)

► July (3)

► June (1)

► May (10)

► April (5)

► March (12)

► February (6)

► January (5)

► 2010 (89)

► September (2)

► August (3)

► July (7)

► June (7)

► May (16)

► April (15)

► March (13)

► February (17)

► January (9)

► 2009 (134)

► December (9)

► November (13)

► October (9)

► September (10)

► August (12)

► July (14)

► June (11)

► May (11)

► April (11)

► March (11)

► February (13)

► January (10)

► 2008 (266)

► December (10)

► November (15)

► October (25)

► September (17)

► August (26)

► July (38)

► June (19)

► May (33)

► April (30)

► March (19)

► February (21)

► January (13)

► 2007 (334)

► December (21)

► November (34)

► October (32)

► September (28)

► August (25)

► July (22)

► June (20)

► May (30)

► April (20)

► March (41)

► February (32)

► January (29)

► 2006 (326)

► December (20)

► November (20)

► October (28)

► September (40)

► August (27)

► July (28)

► June (29)

► May (33)

► April (20)

► March (19)

► February (23)

► January (39)

► 2005 (6)

► December (6)

Malicious Campaign Affects Hundreds of Web Sites, Thousands of Users Affected

Posted by Dancho Danchev | Marcadores: Blackhat SEO, Botnet, Hacking, Information Security, Malicious Software, Search Engine Optimization, Security

We've recently intercepted, a currently, circulating, malicious, campaign, affecting, hundreds, of Web sites, and exposing, users, to, a, multi-tude, of, malicious, software.

In this post, we'll profile, the campaign, provide malicious MD5s, expose, the, infrastructure, behind, it, and, discuss, in-depth, the, tactics, techniques, and, procedures, of, the, cybercriminals, behind it.

Malicious URLs used in the campaign:
hxxp://default7.com - 199.48.227.25
hxxp://test246.com - 54.208.99.166
hxxp://test0.com - 72.52.4.119
hxxp://distinctfestive.com - 54.208.99.166
hxxp://ableoccassion.com - 54.208.99.166

Sample malware used in the campaign:
MD5: 9854f14ca653ee7c6bf6506d823f7371

Once executed, a, sample, malware, phones, back, to, the, following, C&C server:
hxxp://intva31.homelandcustom.info (52.6.18.250)

Known to have phoned back to the same malicious C&C server IP (54.208.99.166), are, also, the, following, malicious, MD5s:
MD5: fd368af200fd835687997ca2a4a0389b
MD5: c0379cda1717d1e05c938f8e06c04a46
MD5: 60eef5b116579d75b272a61e40716bc0
MD5: 8481f23748358fbfd5c36cea53c90793
MD5: 0953f8ec3f0001b3e5f3490203135def

Once executed, a, sample, malware, phones, back, to, the, following, C&C servers:
hxxp://ii55.net (69.172.201.153)
hxxp://rwai.net (54.208.99.166)

Known to have phoned back to the same malicious C&C server IP (69.172.201.153) are also the following malicious MD5s:
MD5: 5979f69be8b6716c0832b6831c398914
MD5: a27083ff19b187cbc64644bc10d2af11
MD5: b9306bb08ac502c7bcaf3d7e0cd9d846
MD5: cd34980dda700d07b93eef7910a2a8be
MD5: b708860e7962b10e26568c9b037765df

Known to have phoned back to the same malicious C&C server IP (54.208.99.166) are also the following malicious MD5s:
MD5: 9854f14ca653ee7c6bf6506d823f7371
MD5: 90a88230d5b657ced3b2d71162a33cff
MD5: 70465233d93aa88868d7091454592a80
MD5: f8e21525c6848f45e4ab77aee05f0a28

Related malicious MD5s known to have phoned back to the same malicious C&C server (54.208.99.166):
MD5: fd368af200fd835687997ca2a4a0389b
MD5: c0379cda1717d1e05c938f8e06c04a46
MD5: 60eef5b116579d75b272a61e40716bc0
MD5: 8481f23748358fbfd5c36cea53c90793
MD5: 0953f8ec3f0001b3e5f3490203135def

We'll continue, monitoring, the, campaign, and, post, updates, as, soon, as, new, developments, take, place.