Closed Somebodyisnobody closed 4 years ago
May I suggest you add a password to the trojan.zip
rather than just redistributing it as is,
while at the same time ensuring people do not execute it by mistake?
This issue was moved by funilrys to Ultimate-Hosts-Blacklist/blacklist#1.
After executing a trojan on an isolated host system, I got the following domains on my DNS server: lodddd01.info, jload01.info, rifat01.info. Some other requested domains were already blocked; I assume they are here in the list. Attached is a traffic capture where you can see which files are being downloaded (e.g. stream 3, where "jload01.info/downfiles/1.exe" is called, or stream 0, where a zip with
is being uploaded to rifat01.info. The zip attached is extracted from the stream).
Attachments: trojan_filtered.zip (Wireshark capture file), index.php.zip, trojan.zip (only download if you know how to handle a trojan, password "trojan")