img14.poco.cn(HTTP Banking trojan hosted in China Shanghai Chinanet Shanghai Province Network)

By Pig, March 26, 2013

Resolved : [img14.poco.cn] To [101.226.200.132]
Resolved : [img14.poco.cn] To [101.226.200.130]
Resolved : [img14.poco.cn] To [61.183.42.151]
Resolved : [img14.poco.cn] To [101.226.200.134]
Resolved : [img14.poco.cn] To [101.226.200.152]
Resolved : [img14.poco.cn] To [61.183.42.150]

Samples:

hxxp://www.ccfyi.com/notepad.exe
hxxp://www.ccfyi.com/mstsc.exe

hxxp://www.ccfyi.com/cc.tx
timg14.poco.cn GET /mypoco/myphoto/20130323/19/874940020130323195257040.jpg
hxxp://174.139.56.114:54321/1.txt

1.txt:

67.198.167.37 keb.co.kr
67.198.167.37    keb.co.kr
67.198.167.37 www.keb.co.kr
67.198.167.37    www.keb.co.kr
67.198.167.37 citibank.co.kr
67.198.167.37    citibank.co.kr
67.198.167.37 www.citibank.co.kr
67.198.167.37    www.citibank.co.kr
67.198.167.37 www.secbank.co.kr
67.198.167.37    www.secbank.co.kr
67.198.167.37 secbank.co.kr
67.198.167.37    secbank.co.kr
67.198.167.37 ibs.kfcc.co.kr
67.198.167.37    ibs.kfcc.co.kr
67.198.167.37 www.kfcc.co.kr
67.198.167.37    www.kfcc.co.kr
67.198.167.37 open.ibk.co.kr
67.198.167.37    open.ibk.co.kr
67.198.167.37 kiup.ibk.co.kr
67.198.167.37    kiup.ibk.co.kr
67.198.167.37 mybank.ibk.co.kr
67.198.167.37    mybank.ibk.co.kr
67.198.167.37 www.ibk.co.kr
67.198.167.37    www.ibk.co.kr
67.198.167.37 www.epostbank.go.kr
67.198.167.37    www.epostbank.go.kr
67.198.167.37 epost.go.kr
67.198.167.37    epost.go.kr
67.198.167.37 www.epost.co.kr
67.198.167.37    www.epost.co.kr
67.198.167.37 open.shinhan.com
67.198.167.37    open shinhan.com
67.198.167.37 bizbank.shinhan.com
67.198.167.37    bizbank.shinhan.com
67.198.167.37 banking.shinhan.com
67.198.167.37    banking.shinhan.com
67.198.167.37 www.shinhan.com
67.198.167.37    www.shinhan.com
67.198.167.37 obiz.kbstar.com
67.198.167.37    obiz.kbstar.com
67.198.167.37 kbstar.com
67.198.167.37    kbstar.com
67.198.167.37 www.kbstar.com
67.198.167.37    www.kbstar.com
67.198.167.37 obank.kbstar.com
67.198.167.37    obank.kbstar.com
67.198.167.37 open.hanabank.com
67.198.167.37    open.hanabank.com
67.198.167.37 hanabank.chzero.com
67.198.167.37    hanabank.chzero.com
67.198.167.37 www.hanabank.com
67.198.167.37    www.hanabank.com
67.198.167.37 hanabank.com
67.198.167.37    hanabank.com
67.198.167.37 u.wooribank.com
67.198.167.37    u.wooribank.com
67.198.167.37 spd.wooribank.com
67.198.167.37    spd.wooribank.com
67.198.167.37 pid.wooribank.com
67.198.167.37    pid.wooribank.com
67.198.167.37 www.wooribank.com
67.198.167.37    www.wooribank.com
67.198.167.37 wooribank.com
67.198.167.37    wooribank.com
67.198.167.37 www.nonghyup.com
67.198.167.37    www.nonghyup.com
67.198.167.37 nonghyup.com
67.198.167.37    nonghyup.com
67.198.167.37 banking.nonghyup.com
67.198.167.37    banking.nonghyup.com


TCP Traffic:

174.139.56.114:8899


hosting infos:

http://whois.domaintools.com/101.226.200.132
Categories: Uncategorized
Tags: