I have some more Geodo/Feodo indicators for you since yesterday's posting. If this keeps up, I will make a page dedicated to Geodo indicators, similar to the one I created for the Houdini RAT.
Threat Name: Geodo
File Download Locations:
These are live malware files, download with caution.
VirusTotal File Analysis:
9049.exe
Command and Control Servers:
Request Method: POST
Enjoy! Look out for a new indicator list for this malware.