A list of malicious domains and IPs is given below. These indicators were observed carrying out malicious activities during November 16-22, 2018.
PUBLISH DATE: 27-11-2018
Listed below are some malicious IPs and domains that are suspected to be involved in malicious activities ranging from social engineering to dropping malware and payloads.
The malicious activities associated with these threat indicators include the following known trojans and malware:
Empire is a pure PowerShell post-exploitation agent that implements the ability to run PowerShell agents without needing powershell.exe and contains rapidly deployable post-exploitation modules that evade network detection.
Emotet is a banking trojan malware program which obtains financial information by injecting computer code into the networking stack of an infected computer, allowing sensitive data to be stolen.
BANLOAD malware variants arrive on the systems as files dropped by other malware or as files downloaded unknowingly by users when visiting malicious sites.
Ursnif is a data-stealing malware family with variants that include backdoors, spyware and file infectors.
TrickBot has become one of the most versatile threats of 2018. It’s distributed through separate distinct malicious spam (malspam) campaigns.
Arkei is a malware strain specialized in dumping and stealing passwords and wallet private keys.
Tinynuke, or Nukebot malware, is a trojan able to perform man-in-the-browser attacks against modern web browsers. It’s promoted through social networking and advertisements that contain links to malicious software installers.
Alureon is a trojan and bootkit created to steal data by intercepting a system’s network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data.
A Trojan Downloader is a malicious program typically installed through an exploit delivered in malicious attachments. Once running, it downloads and installs further malware onto the victim’s computer.
There are powerful malicious document (maldoc) generation techniques that are effective at bypassing anti-virus detection. Analyzing such files in a sandbox will often not reveal the malicious payload, as the sandbox engine needs to recognize and open the embedded file.
Based on a ransomware-as-a-service model, GandCrab is a ransomware that mines cryptocurrencies and shares profits between the malware developers and the cybercriminals who distribute it.
(An IP address can be associated with multiple domain names for those belonging to a hosting company, and a domain name can be associated with multiple IP addresses that utilize fast flux DNS or cloud hosting.)
If you think you’re a victim of a cyber-attack, immediately send an email to firstname.lastname@example.org for a quick response.