54 instances of TROJ_CRYPCTB.NSA detected here?
polonus
« on: March 28, 2017, 03:15:43 PM »
See: http://urlquery.net/report.php?id=1490704902278
Threat Name: Infostealer.Limitail
Location: -https://hacmint.com/cgi_bin/Invoice-Report.zip
Magento not updated, listed here: https://sitecheck.sucuri.net/results/hacmint.com
Update to: recommend version 1.9.2.4 or 2.0.7
Several issues not being patched: https://www.magereport.com/scan/?s=https://hacmint.com/
Two issues: https://sritest.io/#report/e54ed076-1d76-48a3-b3ca-0ee2f85b9d43
Vulnerable jQuery library to be retired: http://retire.insecurity.today/#!/scan/2d58d47ef3c2fef15d649f91f4725338f6e2177635f49f32d4aaf5409297e5ee
F-F-status: https://observatory.mozilla.org/analyze.html?host=hacmint.com
-/skin/frontend/default/theme224k/js/scripts.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['.input-box select, .input-box input, input.qty, .data-table textarea, .input-box textarea, .advanced']] of length 126 which may point to obfuscation or shellcode.
Consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fhacmint.com%2Fskin%2Ffrontend%2Fdefault%2Ftheme224k%2Fjs%2Fscripts.js
overflowing code to -http://dev.techsoup.nl/sites/all/modules/jquery_update/compat.js for instance...
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
« Reply #1 on: May 20, 2017, 12:01:39 AM »
Update of this persistent threat: http://urlquery.net/report.php?id=1495228834063
See: https://sitecheck.sucuri.net/results/hacmint.com
polonus
polonus
« Reply #2 on: May 28, 2017, 12:08:34 AM »
Threat Name: Infostealer.Limitail
Location: htxps://hacmint.com/cgi_bin/Invoice-Report.zip
-> Domain Name: hacmint dot com
Certificate Name: hacmint dot com
EV: —
Security Certificate's Authentic Fingerprint: B5:7D:FB:E6:B9:8A:99:7A:05:6B:EB:A4:E6:CA:E7:C6:64:98:A9:88
Seems persistent, see here: http://urlquery.net/report.php?id=1495919871071
See: -https://urlscan.io/result/a0ae7023-48ed-4fee-83de-ba192cd86cde/dom/
See: https://www.virustotal.com/pl/url/1e69fb6b1ec56febc32edca93dfac5bbf08c303e5b65d43cd3efda58ee94413f/analysis/1495921958/
Web application version:
Magento version detected: 1.9.0.1
Magento not updated. We recommend version 1.9.2.4 or 2.0.7 -> https://www.magereport.com/scan/?s=https://hacmint.com/
96 blacklisted links: https://quttera.com/detailed_report/www.hacmint.com
polonus (volunteer website security analyst and website error-hunter)
« Last Edit: May 28, 2017, 12:54:13 AM by polonus »
mchain
« Reply #3 on: May 29, 2017, 05:19:12 AM »
Updated urlquery scan: http://urlquery.net/report.php?id=1496025490538
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762) UI version 1.0.797
UI version 1.0.788. Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801