Thursday, April 16, 2015

Houdini / h-worm / njRAT Tracking List

I added a tracking list for the Houdini malware (njRAT, h-worm, etc.). This list is best used in a monitoring tool rather than a blocking tool, as some of the domains will most likely be out-of-date. If you are not familiar with this malware, then please check out the links listed below.

This list has grown over the past year since I have been tracking it, so I hope it serves you well. I will continue to update the list as I find new variants or indicators, and if you wish to contribute, then please feel free to send me an email.

Click here to go to the page. Enjoy!

Further reading:

Tuesday, April 14, 2015

Incoming Houdini Tracking List

I have been seeing a good amount of Houdini traffic in the past, and it seems to be picking up steam again. For a quick refresher, check out this FireEye report. So I decided to create a list of command and control servers used by the malware.

The list will not be an active/live list such as the ones you find on Abuse.ch; rather, it will contain historical data of hosts, as well as other useful information such as user-agent string values, HTTP URI paths, destination ports, and other data.

The list should be posted within the week, so please check back.