Tag: Cutwail


PushDo Checkin Traffic Update

I infected my computer with PushDo on Oct. 20, 2016, which you can read about HERE. I ran the computer again today and re-collected some callback traffic (ET TROJAN Backdoor.Win32.Pushdo.s Checkin). I’m adding this update because there were some new domains and IPs in the traffic. Below you will find an Excel sheet of the ...


EITest Leads to Rig EK at Which Drops PushDo/Cutwail

IOCs:
– luxurenailbar.com – Compromised website
– jw1f0y.wkfroa.top – Rig EK

Post infection POST requests:
– infotech.pl – leapc.com – 2print.com – dayvo.com – ex-olive.com – pb-games.com – stnic.co.uk – valdal.com – owsports.ca – nunomira.com – com-sit.com – ora.ecnet.jp – ...