linux.xinhuamei.net DNS_TYPE_A 123.184.41.30
Malware installs itself as a service, injects into iexplorer and self-deletes with: "C:\WINDOWS\system32\cmd.exe" /c del C:\a.exe > nul
Sample here : hxxp://www.xup.in/dl,17109295/a.7z/
Hosting Infos : http://whois.domaintools.com/123.184.41.30
www.casinohackers.com (Password Stealer Hosted In United States, Austin, Pdr Ltd.)
This one is bound (binder-style) to the Browser Antidetect tool "FFTools" (Firefox based), cracked by NoNh.
Domain IP : www.casinohackers.com 162.251.80.13
HTTP Requests : hxxp://www.casinohackers.com/soft50_news/index.php?p1=uuuuuuuuuuuuuuuuuuu&p2=uuuuuuuuuuuu&p3=uuu%20uuuuuuuuuuuuuuuuuuuu_ver=52150_s=1787626508
Sample here : hxxp://www.xup.in/dl,54125486/Antidetect5_cracked_NoNh@TrojanForge.co.7z/
Hosting Infos : http://whois.domaintools.com/162.251.80.13
bot.hd0point.cf (HTTP Botnet Hosted In United States, Ashburn, Amazon Technologies Inc)
DNS Queries : bot.hd0point.cf Resolved : [bot.hd0point.cf] To [52.71.250.248]
HTTP Queries : bot.hd0point.cf:80 POST /gate.php HTTP/1.1
Sample : hxxp://hd0point.cf/vIr/botnet/install.exe
Hosting Infos : http://whois.domaintools.com/52.71.250.248