
Wednesday, October 8, 2014

Zeus Bot - icbcasia.info - Exposed






 // Thanks to Xilytol 
Malware family    ZEUS
MD5    6256b5aaad73fa043223ea681bbce823
Version    2.1.0.1
RC4 Keystream 650839bd99761a57d4a87289cf4e0254d852d320cd50c9fee3498e30f5fba
e7129a641833a91be61b14d9492d78d1573002b9b680d7a48d0a43b1f0a70381bce8747457b
2fe18c56148804b0c5a5f7c444320b58177d03db3f95b83eea2882ed339c6bd14a7f249dd66
f3578deb546af6326e734a1b3c055eba28bbafc2e1305539f6642b6adffbb22606a80ee75d9
9027fa4b194ff1ec59ca6d69f89a1c2d3db29ed2817c6ee2f2c8c1c6255eda6c93a097fde05db
72a4cbc74c7a7101ef6f0980fe411b4b98636621d640cdcf4967e6779f351f931e52101e6d58a
c2aa2c07e8cb16bfab3c848506ef40cc77dd4323185ce937a95a8f125f090e5bdfa3c3ac
gate.php URLs
    hxxp://icbcasia.info/7/serverphp/gate.php
URLs (configuration file download)
    hxxp://icbcasia.info/7/serverphp/cfg.bin
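Webinjects (URL masks the injects trigger on; listed defanged as hxxp/hxxps, with * and # as wildcard characters)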
    hxxps://www.ccm.es/cgi-bin/INclient_6105
    hxxps://www.caja-granada.es/cgi-bin/INclient_2031
    hxxps://home.ybonline.co.uk/login.html*
    hxxps://www.nwolb.com/Login.aspx*
    hxxps://online-business.lloydstsb.co.uk/customer.ibc
    hxxps://online-offshore.lloydstsb.com/customer.ibc
    hxxp://www.hsbc.co.uk/1/2/personal/internet-banking*
    hxxps://www.dab-bank.com*
    hxxps://probanking.procreditbank.bg/main/main.asp*
    hxxps://www.citibank.de*
    hxxps://ibank.barclays.co.uk/olb/x/LoginMember.do
hxxps://ibank.internationalbanking.barclays.com/logon/icebapplication*
    hxxp://caixasabadell.net/banca2/tx0011/0011.jsp
    hxxp://*.osmp.ru/
    hxxps://www.sabadellatlantico.com/es/*
    hxxps://oi.cajamadrid.es/CajaMadrid/oi/pt_oi/Login/login
    hxxps://www.caixagirona.es/cgi-bin/INclient_2030*
    hxxps://www.unicaja.es/PortalServlet*
    hxxps://areasegura.banif.es/bog/bogbsn*
    hxxps://www.bgnetplus.com/niloinet/login.jsp
    hxxps://www.caixalaietana.es/cgi-bin/INclient_2042
    hxxps://www.cajacirculo.es/ISMC/Circulo/acceso.jsp
    hxxps://www.cajabadajoz.es/cgi-bin/INclient_6010*
    hxxps://extranet.banesto.es/npage/OtrosLogin/LoginIBanesto.htm
    hxxps://www.e-gold.com/acct/li.asp
    hxxps://www.fibancmediolanum.es/BasePage.aspx*
    hxxps://online.wellsfargo.com/das/cgi-bin/session.cgi*
    hxxps://www.wellsfargo.com/*
    */my.ebay.com/*CurrentPage=MyeBayPersonalInfo*
    *.ebay.com/*eBayISAPI.dll?*
    hxxps://www.us.hsbc.com/*
    hxxps://home.cbonline.co.uk/login.html*
    hxxps://welcome27.co-operativebank.co.uk/CBIBSWeb/start.do
    hxxps://welcome23.smile.co.uk/SmileWeb/start.do
    hxxps://www.halifax-online.co.uk/_mem_bin/formslogin.asp*
    hxxps://online.wellsfargo.com/login*
    hxxps://online.wellsfargo.com/signon*
    hxxps://www.e-gold.com/acct/balance.asp*
hxxps://intelvia.cajamurcia.es/2043/entrada/01entradaencrip.htm
    hxxps://banca.cajaen.es/Jaen/INclient.jsp
    hxxps://www.cajavital.es/Appserver/vitalnet*
    hxxps://www.caixaontinyent.es/cgi-bin/INclient_2045
hxxps://web.da-us.citibank.com/cgi-bin/citifi/portal/l/autherror.do*
    hxxps://www.cajacanarias.es/cgi-bin/INclient_6065
    hxxps://montevia.elmonte.es/cgi-bin/INclient_2098*
    hxxps://www.gruppocarige.it/grps/vbank/jsp/login.jsp
hxxps://oie.cajamadridempresas.es/CajaMadrid/oie/pt_oie/Login/login_oie_1
hxxps://privati.internetbanking.bancaintesa.it/sm/login/IN/box_login.jsp
hxxps://bancopostaonline.poste.it/bpol/bancoposta/formslogin.asp
    hxxps://www.iwbank.it/private/index_pub.jhtml*
    hxxps://hb.quiubi.it/newSSO/x11logon.htm
    hxxps://www.isideonline.it/relaxbanking/sso.Login*
    hxxps://web.secservizi.it/siteminderagent/forms/login.fcc
    hxxps://rupay.com/index.php
    hxxps://www.53.com/servlet/efsonline/index.html*
    hxxps://www.suntrust.com/portal/server.pt*parentname=Login*
hxxps://onlinebanking.nationalcity.com/OLB/secure/AccountList.aspx
    hxxps://www#.citizensbankonline.com/*/index-wait.jsp
hxxps://easyweb*.tdcanadatrust.com/servlet/*FinancialSummaryServlet*
    hxxps://www#.usbank.com/internetBanking/LoginRouter
    hxxps://www.paypal.com/*/webscr?cmd=_login-done*
    hxxps://www.paypal.com/*/webscr?cmd=_account
    hxxps://www.clavenet.net/cgi-bin/INclient_7054
    hxxps://www.cajasoldirecto.es/2106/*
    hxxps://www.cajalaboral.com/home/acceso.asp
    hxxps://carnet.cajarioja.es/banca3/tx0011/0011.jsp
    hxxps://www.caixatarragona.es/esp/sec_1/oficinacodigo.jsp
    hxxps://www.cajadeavila.es/cgi-bin/INclient_6094
hxxps://onlineeast#.bankofamerica.com/cgi-bin/ias/*/GotoWelcome
    hxxps://web.da-us.citibank.com/*BS_Id=MemberHomepage*
    *banquepopulaire.fr/*
    hxxps://light.webmoney.ru/default.aspx
    hxxps://www.isbank.com.tr/Internet/ControlLoader.aspx*
    hxxps://light.webmoney.ru/default.aspx
    *wellsfargo.com/*
    hxxps://online*.lloydstsb.co.uk/logon.ibc
    hxxps://home.ybonline.co.uk/ral/loginmgr/*
    hxxps://www.mybank.alliance-leicester.co.uk/login/*
    hxxps://www.ebank.hsbc.co.uk/main/IBLogon.jsp
    hxxps://scrigno.popso.it*
    hxxps://www.halifax-online.co.uk/MyAccounts/MyAccounts.aspx*
    hxxps://ibank.barclays.co.uk/olb/x/LoginMember.do
    hxxps://www.halifax-online.co.uk/_mem_bin/*
    hxxps://resources.chase.com/MyAccounts.aspx
    hxxps://bancaonline.openbank.es/servlet/PProxy?*
hxxps://online.wamu.com/Servicing/Servicing.aspx?targetPage=AccountSummary
hxxps://onlinebanking#.wachovia.com/myAccounts.aspx?referrer=authService
hxxps://empresas.gruposantander.es/WebEmpresas/servlet/webempresas.servlets.*
    hxxps://www.gruposantander.es/bog/sbi*?ptns=acceso*
    hxxps://extranet.banesto.es/*/loginParticulares.htm
    hxxps://banesnet.banesto.es/*/loginEmpresas.htm
    hxxps://web.da-us.citibank.com/cgi-bin/citifi/portal/l/l.do
    hxxps://www2.bancopopular.es/AppBPE/servlet/servin*
hxxps://www.bbvanetoffice.com/local_bdno/login_bbvanetoffice.html
    hxxps://www.bancajaproximaempresas.com/ControlEmpresas*
hxxps://home2ae.cd.citibank.ae/CappWebAppAE/producttwo/capp/action/signoncq.do
    hxxps://www.nwolb.com/Login.asp*
    hxxps://lot-port.bcs.ru/names.nsf?#ogin*
    hxxps://www.bancoherrero.com/es/*
    hxxps://pastornetparticulares.bancopastor.es/SrPd*
    hxxps://internetbanking.aib.ie/hb1/roi/signon
    hxxps://www.uno-e.com/local_bdnt_unoe/Login_unoe2.html
    hxxps://olb2.nationet.com/signon/signon*
    hxxps://banking*.anz.com/*
    hxxps://www.rbsdigital.com/Login.asp*
    *//mail.yandex.ru/
    *//mail.yandex.ru/index.xml
    *//money.yandex.ru/
    *//money.yandex.ru/index.xml
    hxxps://cardsonline-consumer.com/RBSG_Consumer/VerifyLogin.do
    hxxps://www*.banking.first-direct.com/1/2/*
    hxxps://olb2.nationet.com/MyAccounts/frame_MyAccounts_WP2.asp*
