Gate file: 5.199.167.219/mode.php
Config droppers (appear to be compromised sites):
shadowsfromlight.com/wp-content/upgrade/file.php
www.danainvestment.com/wp-content/upgrade/file.php
gregsmission.org/wp-content/upgrade/file.php
luna.pgnstudio.com/wp-content/upgrade/file.php
On gregsmission.org, WP-Sentinel seems to have failed to stop the initial compromise, but it is now preventing the dropper from functioning.
Sample is located here: http://whois.domaintools.com/5.199.167.219
animalrights.co.in (Citadel banking malware hosted by MegaHoster.Net)
Resolved animalrights.co.in to 85.25.97.204
Server: animalrights.co.in
Gate file: /netwolf/wolf.php
Config file: /netwolf/file.php
Additional locations of interest:
/backup/
/cmd/images/
/cmd/cp.php
Hosting infos: http://whois.domaintools.com/85.25.97.204