Tag: PushDo

P

PushDo Checkin Traffic Update

I infected my computer with PushDo on Oct. 20, 2016, which you can read about HERE. I ran the computer again today and re-collected some callback traffic (ET TROJAN Backdoor.Win32.Pushdo.s Checkin). I’m adding this update because there were some new domains and IPs in the traffic. Below you will find an Excel sheet of the ...

E

EITest Leads to Rig EK at 185.45.193.52 Which Drops PushDo/Cutwail

IOCs: 198.23.50.198 – luxurenailbar.com – Compromised website 185.45.193.52 – jw1f0y.wkfroa.top – Rig EK Post infection POST requests: 62.129.220.170 – infotech.pl 76.12.115.26 – leapc.com 50.63.46.84 – 2print.com 104.25.146.12 – dayvo.com 219.122.1.240 – ex-olive.com 103.241.2.201 – pb-games.com 193.34.148.140 – stnic.co.uk 77.66.54.114 – valdal.com 72.3.177.107 – owsports.ca 23.229.223.161 – nunomira.com 46.30.59.13 – com-sit.com 118.23.162.86 – ora.ecnet.jp 69.163.218.51 – ...