A Compilation of Koobface Botnet Themed Malicious Executable Download Locations 2009 – 2011
Security Boulevard securityboulevard.com
While digging into my old threat intelligence research archive, I found the following, which I decided to share with everyone.
Happy "takes you back, doesn't it" time, and OSINT and threat intelligence for historical cross-checking and connecting-the-dots time.
Sample URLs include: