ViriBack Blog

Malware, IOCs & more …

Recent LiteHTTP activities and IOCs

This post serves as a dump of IOCs seen in the last 90 days related to LiteHTTP malware. The interest in LiteHTTP came from a bump in sightings in the month of May 2018. One particular instance of a control…

Viriback | June 29, 2018 | Malware | No Comments
6 months of QuantLoader

Last December 2017, I started to actively hunt for malware C2 web panels via VirusTotal submissions and open source data. I encountered 37 families of malware that had HTTP web panels. Some are very common, like Lokibot, Pony, some…

Viriback | June 10, 2018 | Malware | No Comments
30 days later – 97 Panels

It’s been one month since I noticed an increase in the number of malware communications to a certain IP: 185.6.242[.]251, and the trend has not slowed down in the last 30 days. The total of web panel malware seen the last…

Viriback | May 13, 2018 | Malware | No Comments

ViriBackDee@ViriBack·
12h

#Phishing

@Starcrane_jp your website is compromised and hosting a @cPanel #phishing drop file since at least November 2018 on the @sakura_server network

star-crane.]com/wp-includes/SimplePie/js.php

cc: @jpcert_en
