Dear blog readers,
This is the second week of sandboxing the new and novel malware samples that I have access to, and of extracting, sharing and enriching all the malware command and control phone back domains.
I hope that you will find this relevant and informative.
Sample malware C&C (command and control) phone back domains from this week's sandboxing include:
Including the following:
hxxp://bendavo.su - Email: sbakuga@inbox.ru
hxxp://whitepepper.su
hxxp://vicareu.su
Stay tuned.

