rat-forums.net (Ice 9 banking malware proxied by cloudflare)

By I_Post_Ur_Info, December 11, 2012

Resolved rat-forums.net to 108.162.194.61, 108.162.194.161

Server: rat-forums.net
Gate file: /web/adm/gate.php
Config file: /web/config/index.php

This is the first time I’ve seen the ice 9 zeus mod in the wild. I guess all the skiddies are trying it out now that it’s cracked.
Hopefully cloudflare will put a stop to their experimenting.

Categories: Uncategorized

Tags: cloudflareice9Zeus

Previous poststarhf.com (Andromeda http botnet proxied by cloudflare)

Next postMaster Poko Perlbot vS PiF(linux bots hosted in France Paris Gandi Sas)

2 Comments

AntiMalware - December 12, 2012 at 10:21 am

Do you have the infection?

I_Post_Ur_Info - December 13, 2012 at 2:55 am

I have two samples
eb1376f7481a39b77237a5293983f91d
2df40a79204cd8d50081c07581549c4c
http://www.multiupload.nl/2YHJ7HQAC1

kdsk3afdiolpgejs.onion.to(Zeus Variant Hosted In Germany Berlin Individual Network Berlin E.v.)

indianmoneybag.in(HTTP Password Stealer Hosted In United States Provo Unified Layer)

freegamebox.ru (Betabot http botnet proxied by cloudflare.com)

2 Comments

AntiMalware - December 12, 2012 at 10:21 am

I_Post_Ur_Info - December 13, 2012 at 2:55 am

Comments are closed