[Kafeine]

167 items. 10 to 16
Too big to be attached.
File Here : http://minus.com/lbdZykYsVQU4vw
Comments welcome as usual.

Thread here : http://kafeine.minus.com/mbkiPTU7Bc/

[PX5]

Most success i have with mebroot is to follow the links provided on malwaredomainlist, like this one...

superaudi.pl/index.php?tp=4f7c0388f5020946

Allows the malware to load as it thinks it should, I guess.

Ive not had any luck with that link today, may have to go hunt another fresh one down.


Just used a old VM and infected fine using this link and Windows XP SP3

176.31.127.134/index.php?tp=0f4b6d00d5c05110

Hope it helps

[Kafeine]

143 items 2012-08-16 to 20 (early morning)
Pass (if one) is infected.
http://minus.com/lb2obuTvShIClS

Thread : http://kafeine.minus.com/mbkiPTU7Bc/

[Peter Kleissner]

Live exploit page at the moment http://liveregistrystill.net/index.php? ... 1e02b2f4b3 blackhole exploit kit, serving a java exploit
Wepawet scan at http://wepawet.iseclab.org/view.php?has ... 52&type=js

Attached the dropped file, 80 KB. It's connecting to boababsshake.pro with IP 85.17.90.141

[Kafeine]

New samples.

Attached file 20 samples from today.

206 Samples from 20 to 27 are there http://minus.com/lAbD8tcHlp6jo in the thread http://kafeine.minus.com/mbkiPTU7Bc/

[Kafeine]

198 samples from 31-08-2012 -> today (too big to be attached)
http://minus.com/lyVAG0Z5tm0mV in the thread http://kafeine.minus.com/mbkiPTU7Bc/

[Kafeine]

202 Samples. Don't expect too much Samples soon. Sinowal BH EK are migrating to version 2.0 (today). Will have to adapt.
http://minus.com/lby3t8tVPcMIqB in the thread http://kafeine.minus.com/mbkiPTU7Bc/

[erikloman]

Anybody has a recent unpacked Sinowal dropper (32-bit) that works in VM? Thanks!

[Blaze]

Anyone encountered any recent Sinowal samples? Seeing a surge in topics asking for help for this malware.

[Kafeine]

For those who like/needs samples. 86 items
Most (53) of them are less than a week.