I added a tracking list for the Houdini malware (njRAT, h-worm, etc...). This list is best used in a monitoring tool rather than a blocking tool as some of the domains will most likely be out-of-date. If you are not familiar with this malware, then please check out the links listed below.
This list has grown over the past year since I have been tracking it, so I hope it serves you well. I will continue to update the list as I find new variants or indicators, and if you wish to contribute then please feel free to send me an email.
Click here to go to the page. Enjoy!
Further reading:
Thursday, April 16, 2015
Tuesday, April 14, 2015
Incoming Houdini Tracking List
I have been seeing a good amount of Houdini traffic in the past, and it seems to be picking up steam again: for a quick refreshed, check out this FireEye report. So I decided to create a list of command and control servers used by the malware.
The list will not be an active/live list such as the ones you find on Abuse.ch, rather it will contain historical data of hosts, as well as other useful information such as user-agent string values, HTTP URI paths, destination ports, and other data.
The list should be posted within the week, so please check back.
The list will not be an active/live list such as the ones you find on Abuse.ch, rather it will contain historical data of hosts, as well as other useful information such as user-agent string values, HTTP URI paths, destination ports, and other data.
The list should be posted within the week, so please check back.
Subscribe to:
Posts (Atom)