http://j5k8.ios6.in:5847/fe/oop.html

firefox3

http://j5k8.ios6.in:5847/fe/oop.html



20120422 060159        文件"C:\Users\A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYDZHAKJ\ck[1].swf"属于病毒/间谍软件 'Troj/SWFExp-Z'。

C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYDZHAKJ\ck[1].swf        SWF/Exploit.CVE-2011-0611.A 特洛伊木马        已删除 - 已隔离        在应用程序新建的文件上发生事件: x:\Program Files\SogouExplorer\SogouExplorer.exe.

said411f

Malware

53jk.ios6.in:5847/fe/oop.html 13E63ABCE67AFC997CAC3EB6DFA7D778 218.65.30.10 CN Trojan-Downloader.JS.Psyme.gh
w5kk.ios6.in:5847/fe/pop.html 749F206B5AF7CAF9F0D711F6C33D5080 218.65.30.10 CN Exploit.JS.Agent.bkg
53jk.ios6.in:5847/fe/nop.html 6D0D88E50775D9369A6702181C562EBA 218.65.30.10 CN JS/Exploit.Shellcode.A.gen trojan
53jk.ios6.in:5847/fe/mop.html 9924945F59F123DA257B041BF55E827F 218.65.30.10 CN Virus found Exploit
53jk.ios6.in:5847/fe/pop.html 749F206B5AF7CAF9F0D711F6C33D5080 218.65.30.10 CN Exploit.JS.Agent.bkg
35hj.ios6.in:5847/fe/pop.html 749F206B5AF7CAF9F0D711F6C33D5080 218.65.30.10 CN Exploit.JS.Agent.bkg
k8mn.ios6.in:5847/fe/pop.html 749F206B5AF7CAF9F0D711F6C33D5080 218.65.30.10 CN Exploit.JS.Agent.bkg
a4ui.ios6.in:5847/fe/mop.html 9924945F59F123DA257B041BF55E827F 218.65.30.10 CN JS/Exploit.Shellcode.A.gen trojan
j5k8.ios6.in:5847/fe/oop.html 13E63ABCE67AFC997CAC3EB6DFA7D778 218.65.30.10 CN Trojan-Downloader.JS.Psyme.gh
6we7.ios6.in:5847/fe/mop.html 9924945F59F123DA257B041BF55E827F 218.65.30.10 CN JS/Exploit.Shellcode.A.gen trojan

656635525

wuyongliang

360拦截了

king1636

关于:hxxp://j5k8.ios6.in:5847/fe/oop.html解密的日志(全体输出 -  3):

Level  0>http://j5k8.ios6.in:5847/fe/oop.html
Level  1>http://7e.xpsp.in:5847/fe/xl.exe
Level  1>http://j5k8.ios6.in:5847/fe/ck.swf

日志由 Redoce2.1第28次修正版于 2012/4/22 18:15:42 生成。

很老的网马，估计除了网吧以外，很少有人种了。

s0s020000

chrome拦，趋势miss，没试ie
页面打不开