
Data Feeds

How does SecurityCrawler pull data so fast from around the world? The speed part is intellectual property, but where we pull from is a question that should never have a static answer. Sources include:

http://dasmalwerk.eu/#api – malware samples

http://www.kernelmode.info/forum/viewforum.php?f=16 – forum for samples

http://malshare.com/

https://avcaesar.malware.lu/

http://www.malwareblacklist.com/showMDL.php

http://malwaredb.malekal.com/

http://cybercrime-tracker.net/ccam.php

Some of the places we pull data from, archive, and bundle up nicely for our customers are:

http://vxvault.net/ViriList.php

Date URL MD5 IP Tools
08-18 [D] xaxxola.top/admin.php?f=400 EA7FE530EBF52A7858C627E2300B8C4D 66.85.27.202 PED UQ
08-18 [D] xwerkq.top/admin.php?f=400 EA7FE530EBF52A7858C627E2300B8C4D 192.254.79.254 PED UQ
08-18 [D] gnhdd.com/templates/file.exe D88352B39EF13F8307EDB6BA07795C55 42.236.81.76 PED UQ
08-18 [D] ccharbor.com/wp-admin/inst3.exe FD05FD03BC0A26E9C2209D43D151C6E9 67.222.11.11 PED UQ
08-18 [D] uhrenblog.watchhouse.de/wp-includes/pm.dll F828835C598436120FC20EAF546C54F2 188.138.68.195 PED UQ
08-17 [D] foomerow.top/admin.php?f=400 6EE286CC59C919605271F70202E80135 31.184.234.140 PED UQ
08-16 [D] foodfool.xyz/admin.php?f=400 0B59778B211E928C00439A3334A338D2 31.184.234.140 PED UQ
08-16 [D] aoolertv.top/admin.php?f=400 0B59778B211E928C00439A3334A338D2 31.184.234.140 PED UQ
08-15 [D] livelife24.com/templates/redevo_aphelion_green/pm.dll 6BC35CD532A2D1530433C7434F1CAD36 85.13.143.149 PED UQ
08-15 [D] ymcasc.org.nz/modules/mod_analytics/inst1.exe 9597FC80F793BBECEED69BE9B1344FDB 103.250.90.106 PED UQ
08-14 [D] qawsf1gy.bget.ru/files/us.exe 7810131AF2A1E7806270635230821301 87.236.19.58 PED UQ
08-13 [D] flgueras.com/pon/data.exe EEAB735A3EA3820EC0C59C3574825E9E 188.209.52.208 PED UQ
08-13 [D] reworder.adultgamesite.ru/js/boxun4.exe 8505936955F4B5FD5B6844F914ABD3AD 121.188.8.189 PED UQ
08-12 [D] coffeol.com/fend/raw_server.exe DAF0B1D58C8B8FD7D08BC237C5CDB31D 208.112.30.120 PED UQ
08-11 [D] 88.119.179.160/1biycuhoqetzowaawneab.exe 81A50B5D0005B50A59D4779132703932 88.119.179.160 PED UQ
08-11 [D] shopbaite.ru/webfaq/files/usagold.exe 26B81C8F45CADA0B645921DEFE015D91 185.60.134.215 PED UQ
08-11 [D] shopbaite.ru/webfaq/bot.exe 9EE959108B4189E1F154A7F4362DB3A5 185.60.134.215 PED UQ
08-11 [D] www.teolds.com/wp-content/plugins/libravatar-replace/scrwin.exe C09002F4FDC78965798E5241E8A10AF3 89.46.104.47 PED UQ
08-11 [D] oneminutemedicine.com/wp-content/plugins/wp-os-flv/inst1.exe A7C3AE050FCE663499F78BCFEEA59399 50.62.228.1 PED UQ
08-11 [D] portlandgoldbuyers.com/wp-includes/in.dll DA5ADD1DCCE95118F7DBDAED74851E2A 184.168.56.106 PED UQ
08-11 [D] gallery.nash-news.com/wp-content/themes/thematic/pm.dll 467F6309322B0B3C40B3743E19875D90 207.126.50.155 PED UQ
08-10 [D] updo.nl/file/8e90723b.exe 06C406478C8C09B9C2CE38D47145EE70 149.210.134.83 PED UQ
08-08 [D] qawsf1gy.bget.ru/us.exe B38CDDD0FA7713D0033F5DB5186A9D98 87.236.19.58 PED UQ
08-08 [D] dryversandsettyngsall0ficceversions.info/j4v4upd4t3rL0ad1s.exe 8BA75DE55191A7B284C87450D7EC168E 162.251.85.205 PED UQ
08-08 [D] dryversandsettyngsall0ficceversions.info/Off1cce365upd4te.exe 0CCF64103DF597108D163158E56CE5E4 162.251.85.205 PED UQ
08-08 [D] dryversandsettyngsall0ficceversions.info/ad0v3f1ashplay3rall.exe 45E68E5BC35E6B0AC6B49DC0FD7717B4 162.251.85.205 PED UQ
08-08 [D] updo.nl/file/cafb541e.exe 47A88065C7BCB01C1FFC1C6B9CAC7961 149.210.134.83 PED UQ
08-05 [D] www.boydhaven.com/sirgeeni/Done.exe E41004350C1A004C9CB4502713641697 97.74.215.138 PED UQ
08-04 [D] sentembertolls.ru/pony/Pony.exe F6B398F96CC1BFB82246326E9B1EF6E6 46.105.135.208 PED UQ
08-04 [D] sumofmind.com/wp-includes/pomo/inst1.exe 6C7D941F5B516CEB3D920B92F8D00C53 66.116.103.198 PED UQ
08-04 [D] www.korean4all.net/wp-admin/pm.dll FA307361D52B1A83B10545D576509B1D 37.187.118.54 PED UQ
08-04 [D] samogontoronto.tk/1owukixwuoqholyeffyoz.exe 116EC1B12439D8BBD2A4220E8A0C034A 195.123.210.41 PED UQ
08-03 [D] doreviold.ml/lina.exe 024F8225258171AD5640AAED6B5AD8F0 188.116.40.63 PED UQ
08-03 [D] songphuongrninh.com/chidi/order.exe C584117C347DCF4EA86A6D7786671E92 158.69.117.211 PED UQ
08-03 [D] tclogs.tk/pon/host.exe 612D1337C768496B9A4379E06BBF0DB8 200.74.241.224 PED UQ
08-03 [D] tclogs.tk/upx/win.exe E6EA76248337B6F07E53D11EFACBDFF5 200.74.241.224 PED UQ
08-03 [D] tclogs.tk/upx/chrome.exe 48F9FBC5BBFC96FB3431EF39FD8C0D8F 200.74.241.224 PED UQ
08-03 [D] criandoseunegocio.com.br/pc/p/micro.exe 774CD014945F431938904586C6ADA7A1 179.188.17.95 PED UQ
08-03 [D] edutshely.com/dk/crypted.exe EADC81512401ED5EEA0CE80B5D0FC9AA 192.186.194.130 PED UQ
08-03 [D] www.songphuongrninh.com/chidi/order.exe C584117C347DCF4EA86A6D7786671E92 158.69.117.211 PED UQ

We monitor Crimeware C2 and master node servers:

http://cybercrime-tracker.net/index.php

DATE URL IP TYPE
21-08-2016 pptpp.ru/ttsd/webadmin/cp.php?m=login 188.209.52.213 Citadel
20-08-2016 pp.t1nkem.com/pan/admin.php 66.23.226.40 Pony
20-08-2016 work8.t1nkem.com/login.php 66.23.226.40 KeyBase
20-08-2016 work7.t1nkem.com/login.php 66.23.226.40 KeyBase
20-08-2016 work6.t1nkem.com/login.php 66.23.226.40 KeyBase
20-08-2016 work5.t1nkem.com/login.php 66.23.226.40 KeyBase
20-08-2016 work4.t1nkem.com/login.php 66.23.226.40 KeyBase
20-08-2016 work3.t1nkem.com/login.php 66.23.226.40 KeyBase
20-08-2016 work2.t1nkem.com/login.php 66.23.226.40 KeyBase
20-08-2016 work.t1nkem.com/login.php 66.23.226.40 KeyBase
20-08-2016 beta9.t1nkem.com/web/login.php 66.23.226.40 KeyBase
20-08-2016 beta8.t1nkem.com/web/login.php 66.23.226.40 KeyBase
20-08-2016 beta7.t1nkem.com/web/login.php 66.23.226.40 KeyBase
20-08-2016 beta6.t1nkem.com/web/login.php 66.23.226.40 KeyBase
20-08-2016 beta5.t1nkem.com/web/login.php 66.23.226.40 KeyBase
20-08-2016 beta4.t1nkem.com/web/login.php 66.23.226.40 KeyBase
20-08-2016 beta3.t1nkem.com/web/login.php 66.23.226.40 KeyBase
20-08-2016 beta2.t1nkem.com/web/login.php 66.23.226.40 KeyBase
20-08-2016 beta.t1nkem.com/web/login.php 66.23.226.40 KeyBase
20-08-2016 www.ausconnext.com/bb/login.php 198.54.116.128 Betabot
20-08-2016 newstarmachinery.com/1/admin.php 23.235.208.177 Pony
20-08-2016 www.atlass-eg.com/kerry/rok/admin.php 174.127.78.72 Pony
20-08-2016 www.atlass-eg.com/rk/admin.php 174.127.78.72 Pony
20-08-2016 www.ausconnext.com/pp/admin.php 198.54.116.128 Pony
20-08-2016 easternricemill.com/gallery09/kbpanel/login.php 103.22.180.11 KeyBase
20-08-2016 downloadpdf.superweb.ws/key/html/login.php 23.94.63.176 KeyBase
20-08-2016 randbstudio.net/in/keybase/login.php 216.193.219.174 KeyBase
20-08-2016 www.mksecurity.com.sg/images/css/login.php 104.28.8.16 KeyBase
20-08-2016 ulk-cg.com/pny/admin.php 155.94.65.140 Pony
20-08-2016 mreazii.tk/smiley/Panel/admin.php 142.4.17.213 Pony
20-08-2016 fairfaxandrobert.com.au/zobs/mypage/admin.php 158.69.117.211 Pony
20-08-2016 fairfaxandrobert.com.au/rivbdh/mypage/admin.php 158.69.117.211 Pony
20-08-2016 www.sandstrucks.com/temo/colz/admin.php 5.56.133.98 Pony
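The two listings above are space-separated rows with different column layouts. As an added example (not SecurityCrawler's own tooling), here is a parser that normalises both into one IOC record, rejects rows whose hash or IP does not validate, collapses a sample served from several URLs (EA7FE530… appears twice in the VXVault rows) onto one MD5, and groups panels by hosting IP (66.23.226.40 above). The column layouts are assumed from the listings as pasted, not from any documented API, and the sample rows are constructed from them, with one deliberately bad hash added.

```python
"""Normalise VXVault and cybercrime-tracker rows into a common IOC record.

Added example; not SecurityCrawler's own tooling. Column layouts are assumed
from the listings as pasted on this page (VXVault: Date [D] URL MD5 IP Tools,
cybercrime-tracker: DATE URL IP TYPE followed by per-row link text).
"""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

MD5_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


@dataclass(frozen=True)
class IOC:
    source: str
    date: str
    url: str
    ip: str
    md5: Optional[str] = None
    family: Optional[str] = None


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_vxvault(line):
    """'08-18 [D] host/path MD5 IP PED UQ' -> IOC, or None for header/invalid rows."""
    parts = line.split()
    if len(parts) < 5 or parts[1] != "[D]":
        return None
    date, url, md5, ip = parts[0], parts[2], parts[3], parts[4]
    if not MD5_RE.match(md5) or not _is_ip(ip):
        return None  # refuse to emit an indicator that does not validate
    return IOC("vxvault", date, url, ip, md5=md5.upper())


def parse_cct(line):
    """'DD-MM-YYYY url ip Family ...' -> IOC; trailing site link text is ignored."""
    parts = line.split()
    if len(parts) < 4 or not _is_ip(parts[2]):
        return None
    return IOC("cybercrime-tracker", parts[0], parts[1], parts[2], family=parts[3])


def load(text, parser):
    return [r for r in (parser(line) for line in text.splitlines()) if r]


def dedupe_by_hash(iocs):
    """One entry per MD5, keeping every URL and IP the same sample was served from."""
    by_hash = defaultdict(lambda: {"urls": set(), "ips": set()})
    for ioc in iocs:
        if ioc.md5:
            by_hash[ioc.md5]["urls"].add(ioc.url)
            by_hash[ioc.md5]["ips"].add(ioc.ip)
    return dict(by_hash)


def cluster_by_ip(iocs):
    """Map hosting IP -> set of panel/payload URLs seen on it."""
    by_ip = defaultdict(set)
    for ioc in iocs:
        by_ip[ioc.ip].add(ioc.url)
    return dict(by_ip)


def defang(url):
    """Defang only the host part so the indicator is not clickable in a report."""
    host, sep, path = url.partition("/")
    return host.replace(".", "[.]") + sep + path


# Constructed sample input: rows copied from the listings above plus one bad hash.
SAMPLE_VXVAULT = """Date URL MD5 IP Tools
08-18 [D] xaxxola.top/admin.php?f=400 EA7FE530EBF52A7858C627E2300B8C4D 66.85.27.202 PED UQ
08-18 [D] xwerkq.top/admin.php?f=400 EA7FE530EBF52A7858C627E2300B8C4D 192.254.79.254 PED UQ
08-18 [D] gnhdd.com/templates/file.exe D88352B39EF13F8307EDB6BA07795C55 42.236.81.76 PED UQ
08-16 [D] foodfool.xyz/admin.php?f=400 0B59778B211E928C00439A3334A338D2 31.184.234.140 PED UQ
08-16 [D] aoolertv.top/admin.php?f=400 0B59778B211E928C00439A3334A338D2 31.184.234.140 PED UQ
08-03 [D] tclogs.tk/pon/host.exe NOT-A-VALID-HASH 200.74.241.224 PED UQ"""

SAMPLE_CCT = """-::DATE -::URL -::IP -::TYPE
21-08-2016 pptpp.ru/ttsd/webadmin/cp.php?m=login 188.209.52.213 Citadel Scan with VirusTotal Search the family
20-08-2016 pp.t1nkem.com/pan/admin.php 66.23.226.40 Pony Scan with VirusTotal Search the family
20-08-2016 work8.t1nkem.com/login.php 66.23.226.40 KeyBase Scan with VirusTotal Search the family
20-08-2016 www.ausconnext.com/bb/login.php 198.54.116.128 Betabot Scan with VirusTotal Search the family"""

if __name__ == "__main__":
    for md5, seen in dedupe_by_hash(load(SAMPLE_VXVAULT, parse_vxvault)).items():
        print(md5, sorted(defang(u) for u in seen["urls"]), sorted(seen["ips"]))
    for ip, urls in cluster_by_ip(load(SAMPLE_CCT, parse_cct)).items():
        print(ip, len(urls), "panel(s)")
```

The header rows of both feeds fall out naturally (no `[D]` marker, no valid IP in the third column), and a row with a malformed hash is dropped rather than published, which is the check you want in front of anything that ends up in a customer blocklist.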

 

Multiple cron jobs pull IPs, domain names, hashes and other IOCs right off the wire as soon as they are published. Malware IOCs are pulled from:

Sophos.com

Malwr.com

VirusTotal.com

Hybrid-Analysis.com

Malware-Traffic-Analysis.net

MalwareDomainList.com

And about 40 additional sources from around the globe, depending on which sites are staying current and keeping up.

A search for site:sophos.com "detailed" & "IP Connections" turns up Sophos detailed-analysis pages whose "IP Connections" section lists the addresses a sample contacted during analysis, for example:

Detailed Analysis – Troj/Kovter-DU – Viruses and Spyware – Advanced …
https://www.sophos.com/en-us/threat-center/threat…/detailed-analysis.aspx
2 days ago – IP Connections. 102.91.24.199:80; 111.44.185.95:80; 117.245.97.26:80; 119.43.175.172:80; 121.223.218.223:443; 124.116.132.92:80; 125.232.48.139:80 …

Detailed Analysis – Troj/Ransom-DOJ – Viruses and Spyware … – Sophos
https://www.sophos.com/en-us/threat-center/threat…/detailed-analysis.aspx
1 day ago – IP Connections. 107.156.155.176:80; 107.98.121.106:80; 111.230.18.205:80; 126.85.68.72:80; 139.156.225.154:80; 16.12.237.80:80; 160.198.105.123:80 …

Detailed Analysis – Troj/Cerber-KW – Viruses and Spyware – Advanced …
https://www.sophos.com/en-us/threat-center/threat…/detailed-analysis.aspx
2 days ago – IP Connections. 31.184.234.0:6892; 31.184.234.100:6892; 31.184.234.101:6892; 31.184.234.102:6892; 31.184.234.103:6892; 31.184.234.104:6892 …

Detailed Analysis – Troj/Ransom-DOL – Viruses and Spyware … – Sophos
https://www.sophos.com/de-de/…/detailed-analysis.aspx
13 hours ago – IP Connections. 10.180.195.6:80; 114.64.98.99:80; 119.58.127.21:8080; 12.140.65.105:80; 16.131.185.247:80; 164.34.110.200:80; 165.233.96.68:80 …
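Those snippets are truncated search-result text, and one of them (Troj/Ransom-DOL) includes 10.180.195.6, an RFC 1918 address that is lab or sandbox noise rather than a C2. As an added example, not SecurityCrawler's code, here is how to pull the ip:port pairs out of such snippets, drop non-routable addresses before they reach a blocklist, and summarise what survives by /24 (every Troj/Cerber-KW entry sits in 31.184.234.0/24, the same range as the 31.184.234.140 payload host in the VXVault listing). The snippet text is copied from the results above and is labelled as constructed input; the "…" truncation is left as pasted.

```python
"""Extract 'IP Connections' endpoints from Sophos detailed-analysis snippets.

Added example, not SecurityCrawler's code. SNIPPETS is constructed from the
search-result text shown on this page, truncated with '…' exactly as pasted.
"""
import ipaddress
import re
from collections import Counter

SNIPPETS = {
    "Troj/Ransom-DOL": (
        "13 hours ago – IP Connections. 10.180.195.6:80; 114.64.98.99:80; "
        "119.58.127.21:8080; 12.140.65.105:80; 16.131.185.247:80; "
        "164.34.110.200:80; 165.233.96.68:80 …"
    ),
    "Troj/Cerber-KW": (
        "2 days ago – IP Connections. 31.184.234.0:6892; 31.184.234.100:6892; "
        "31.184.234.101:6892; 31.184.234.102:6892; 31.184.234.103:6892; "
        "31.184.234.104:6892 …"
    ),
}

# Loose match on purpose; real validation is done with ipaddress below.
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def extract_endpoints(snippet):
    """Return [(ip, port), ...] for every ip:port after 'IP Connections.'."""
    _, _, tail = snippet.partition("IP Connections.")
    endpoints = []
    for ip, port in ENDPOINT_RE.findall(tail):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # e.g. 999.1.2.3 matches the regex but is not an address
        if 0 < int(port) < 65536:
            endpoints.append((ip, int(port)))
    return endpoints


def is_routable(ip):
    """False for RFC 1918, loopback, link-local, multicast, reserved and 0.0.0.0."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def blocklist(snippets):
    """Unique routable IPs across all snippets, plus a map of dropped IP -> detection."""
    keep, dropped = set(), {}
    for detection, text in snippets.items():
        for ip, _port in extract_endpoints(text):
            if is_routable(ip):
                keep.add(ip)
            else:
                dropped[ip] = detection
    return sorted(keep, key=ipaddress.ip_address), dropped


def by_subnet(ips, prefix=24):
    """Count IPs per /prefix so a swept range (31.184.234.0/24 here) stands out."""
    nets = (ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips)
    return {str(net): n for net, n in Counter(nets).items()}


if __name__ == "__main__":
    keep, dropped = blocklist(SNIPPETS)
    print("blocklist:", keep)
    print("dropped as non-routable:", dropped)
    print("per /24:", by_subnet(keep))
```

The routability filter is the part that matters operationally: a private address in a vendor write-up is usually the analysis network, and shipping it to customers as a C2 indicator produces false positives on their own LANs. The per-/24 summary is a cheap way to notice when a sample is probing a range rather than talking to one host.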

 

Malvertising:

https://techhelplist.com/index.php/spam-list

 

Phishing Campaigns:

http://www.phishtank.com