Avast community forum
Topic: New citadel H e r m e s trojan IP-address to block: 46.28.71.19

polonus (Avast Überevangelist, Posts: 33926)
« on: August 15, 2012, 08:57:55 PM »
The H e r m e s C&C domains have moved to a new address at: 46.28.71.19 (information from the Fox-IT International blog, provided by Michael Sandee).
See: http://urlquery.net/report.php?id=131791
Also hosting Sakura exploit kit...
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus (Avast Überevangelist, Posts: 33926)
« Reply #1 on: August 15, 2012, 09:23:35 PM »
The IDS alert that was flagged for this source IP is http_inspect: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
gen_id 120, sig_id 3, type limit, track by_src, count 1, limit the alert to once per 10 minutes
See: http://129.81.224.37/base_qry_main.php?new=1&layer4=TCP&num_result_rows=-1&sort_order=time_d&submit=Query+DB
Valuable resource this Windows Intrusion Detection System!
polonus
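
An added example, not part of the original post and not Snort's own code: a simplified Python model of the `type limit, track by_src, count 1` threshold quoted above, run over constructed events, to show that one logged alert per source per 600 seconds can stand for several suppressed ones. The class and function names, the event tuples and the second source address are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Threshold from the post: gen_id 120, sig_id 3, type limit, track by_src,
# count 1, once per 10 minutes (600 s).
GEN_ID, SIG_ID, COUNT, SECONDS = 120, 3, 1, 600


@dataclass
class LimitFilter:
    """Simplified model of a 'type limit' filter tracked by source IP."""
    count: int = COUNT
    seconds: int = SECONDS
    state: dict = field(default_factory=dict)  # src -> [window_start, seen]

    def should_log(self, ts: int, gen_id: int, sig_id: int, src: str) -> bool:
        if (gen_id, sig_id) != (GEN_ID, SIG_ID):
            return True  # the filter only applies to the configured rule
        window = self.state.get(src)
        if window is None or ts - window[0] >= self.seconds:
            window = self.state[src] = [ts, 0]  # new interval for this source
        window[1] += 1
        return window[1] <= self.count  # log the first `count`, drop the rest


# Constructed events: (epoch seconds, gen_id, sig_id, source IP).
# 46.28.71.19 is the address from the thread; 192.0.2.10 is a documentation IP.
EVENTS = [
    (0,   120, 3, "46.28.71.19"),
    (30,  120, 3, "46.28.71.19"),
    (45,  120, 3, "192.0.2.10"),
    (599, 120, 3, "46.28.71.19"),
    (600, 120, 3, "46.28.71.19"),
    (610, 120, 2, "46.28.71.19"),  # constructed: other sig_id, not filtered
]


def summarize(events):
    """Return (logged events, suppressed count per source)."""
    flt, logged, suppressed = LimitFilter(), [], {}
    for ts, gid, sid, src in events:
        if flt.should_log(ts, gid, sid, src):
            logged.append((ts, sid, src))
        else:
            suppressed[src] = suppressed.get(src, 0) + 1
    return logged, suppressed


if __name__ == "__main__":
    print(summarize(EVENTS))
```

When triaging, a single row for this rule in the alert console therefore gives no indication of how many matching responses the source actually sent during the interval.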

polonus (Avast Überevangelist, Posts: 33926)
« Reply #2 on: August 15, 2012, 11:06:52 PM »
Here we see that Avast is not yet detecting this trojan: https://www.virustotal.com/file/F42E71F3E5121412E2C82D7AC982E5036F63D39C1C6591C3630F6B3FD8A48180/analysis/
Also see: http://malwr.com/analysis/20be4f07f9a12c35463361a7212ca5ff/
polonus
« Last Edit: August 15, 2012, 11:20:56 PM by polonus »