all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

A Compilation of Koobface Botnet Themed Malicious Executable Download Locations 2009 – 2011

Add to bookmarks
April 28, 2023, 11:31 a.m. | Dancho Danchev

Security Boulevard securityboulevard.com



While digging into my old threat intelligence research archive I found the following which I decided to share with everyone.


Happy "takes you back doesn't it" time and OSINT and threat intelligence for historical cross-checking and connecting the dots time.


Sample URLs include:


hxxp://quwudgwddcjbsjdwdjwopdwojdjjjjjjw[.]com/?getexe=tumlike[.]2[.]exe


hxxp://selectionmusic[.]co[.]za/[.]sys[.]php?getexe=poster[.]10[.]exe


hxxp://selectionmusic[.]co[.]za/[.]sys[.]php?getexe=friendfeedreg[.]1[.]exe


hxxp://selectionmusic[.]co[.]za/[.]sys[.]php?getexe=aolsbm[.]2[.]exe


hxxp://selectionmusic[.]co[.]za/[.]sys[.]php?getexe=twreg[.]12[.]exe


hxxp://selectionmusic[.]co[.]za/[.]sys[.]php?getexe=tumreg[.]1[.]exe


hxxp://roomservicedesign[.]com[.]au/[.]9mov05w/?getexe=drk[.]exe


hxxp://roomservicedesign[.]com[.]au/[.]9mov05w/?getexe=ffe32[.]exe


hxxp://roomservicedesign[.]com[.]au/[.]9mov05w/?getexe=yahblog[.]exe


hxxp://mdcoc[.]net/jxjv0z2s/setup798342[.]exe


hxxp://www[.]blowmeupbig[.]com/[.]iunb8/?getexe=za[.]exe


hxxp://www[.]blowmeupbig[.]com/[.]iunb8/?getexe=hny32[.]exe


hxxp://www[.]chateaudecoisse[.]com/[.]tfdmezb/?getexe=m24[.]in[.]exe


hxxp://www[.]chateaudecoisse[.]com/[.]tfdmezb/?getexe=dg[.]exe


hxxp://anlaegkp[.]dk/trygxqlz/setup314555[.]exe


hxxp://lyulf[.]co[.]uk/2pmf1qq/setup742472[.]exe


hxxp://careyadkinsdesign[.]com/[.]uzb62/?getexe=ff2ie[.]exe


hxxp://careyadkinsdesign[.]com/[.]uzb62/?getexe=p[.]exe


hxxp://careyadkinsdesign[.]com/[.]uzb62/?getexe=m24[.]in[.]exe


hxxp://careyadkinsdesign[.]com/[.]uzb62/?getexe=dg[.]exe


hxxp://solarinstitut[.]com/yf734/index[.]php?e=635893


hxxp://helpingouryouthachieve[.]com/sim/index[.]php?e=590202


hxxp://www[.]darelorenzo[.]it/[.]sys/?action=fbgen&v=104&crc=669


hxxp://1zabslwvn538n4i5tcjl[.]com/temp/exe/codec[.]exe


hxxp://smx[.]nu/y580/setup[.]exe


hxxp://mantleofmercy[.]org/07/


hxxp://watvindteindhoven[.]nl/614/?go


hxxp://stagnescathedral[.]org/actualperformans/?72691/


hxxp://partenaires-particuliers[.]fr/[.]abodpg/?getexe=tg[.]16[.]exe


hxxp://viale[.]be/[.]jxel/?getexe=p[.]exe


hxxp://viale[.]be/[.]jxel/?getexe=ws[.]exe


hxxp://cedelevator[.]com/[.]sys/?getexe=tg[.]16[.]exe


hxxp://www[.]person[.]doae[.]go[.]th/[.]sys/?getexe=tg[.]16[.]exe


hxxp://ntas[.]com/[.]sys/?getexe=tg[.]16[.]exe


hxxp://waypoint-center[.]org/[.]sys/?action=ppgen&a=-2001606274&v=106&pid=1000


hxxp://waypoint-center[.]org/[.]sys/?action=fbgen&v=106&crc=669


hxxp://deltasatuk[.]com/[.]sys/?getexe=cmd[.]exe …

action amp archive back botnet center download intelligence intelligence research malicious old org osint php research share sim threat threat intelligence urls

Visit resource

More from securityboulevard.com / Security Boulevard

Identity, Credential Misconfigurations Open Worrying Security Gaps 2 hours ago | securityboulevard.com
active directory analytics & intelligence business cloud +35
Embracing quantum readiness 2 hours ago | securityboulevard.com
assets computing cybersecurity cybersecurity impact +9
Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites? 3 hours ago | securityboulevard.com
api security called compromise critical +22
Got Your Eyes on Cyber Essentials Plus? We’ve Got You Covered! 3 hours ago | securityboulevard.com
blog cyber cyber essentials cybersecurity +8
Understanding GitGuardian’s Self-Hosted Solution 9 hours ago | securityboulevard.com
convenience data gitguardian network +7
Using MITM to bypass FIDO2 phishing-resistant protection 9 hours ago | securityboulevard.com
alliance authenticate authentication blog +26
USENIX Security ’23 – A Bug’s Life: Analyzing the Lifecycle and Mitigation Process of Content … 1 day ago | securityboulevard.com
access authors award bug +23
GenAI Continues to Dominate CIO and CISO Conversations 1 day, 5 hours ago | securityboulevard.com
bad cio ciso ciso conversations +17
RSAC 2024 Innovation Sandbox | Reality Defender: Deepfake Detection Platform 1 day, 13 hours ago | securityboulevard.com
benchmark blog conference cybersecurity +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité - Nantes

@ Hifield | Saint-Herblain, France
View on infosec-jobs.com

L2 Security - Senior Security Engineer

@ Paytm | Noida, Uttar Pradesh
View on infosec-jobs.com

GRC Integrity Program Manager

@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City
View on infosec-jobs.com

Consultant Active Directory H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Consultant PCI-DSS H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Head of Security Operations

@ Canonical Ltd. | Home based - Americas, EMEA
View on infosec-jobs.com
View more jobs