ET TROJAN Possible Compromised Host Sinkhole Cookie Value Snkz

Is this a ransomware launcher or a script miner? https://urlquery.net/report/2dc64593-68a1-469f-8dad-3e839c58a69d
Re: https://www.malwares.com/report/host?host=183.ns2275ab.com
Re: https://www.threatcrowd.org/ip.php?ip=212.61.180.100
Alerted via a malware connectivity check!

polonus

https://www.virustotal.com/#/url/ef2f5b5c9eacc12b3079f8f297f51716091a7b8021c29f93294ce09f1fcd5962/detection

read community comments
https://www.virustotal.com/#/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/community

Hi Pondus,

Thank you for again dotting the i’s and crossing the t’s on those VT scan results.

What would we do without your relevant knowledge on VT scans, dear Pondus?

So the final verdict has not been handed out on it then.

And it now hangs in the balance, between an FP or a malicious 0-day detection.

Just wait and see what it will be in the end.

Anyway, we have reported it here in the “virus & worms” section, and that alone is a good thing.

polonus

Another one: https://urlquery.net/report/ad327386-308a-4b89-aa4a-7bfe2ae0eb34
For IP see: https://ransomwaretracker.abuse.ch/ip/212.61.180.100/
Malware, phishing etc. → https://cymon.io/212.61.180.100
and https://www.malwares.com/report/ip?ip=212.61.180.100

polonus

UPDATE

Malware still being launched from that particular IP:
Re malware and blacklisted: https://urlquery.net/report/04e07806-0297-446f-99e5-017ef7bf3e8e
5 instances to detect: https://www.virustotal.com/#/url/4b1ca1255ed85a34742be0a00261abf23160a7e6dddc6be3f7f0fc053232c380/detection
More nasties from there: https://www.virustotal.com/#/domain/dl2.iq5download.com

Also consider on IP: https://ransomwaretracker.abuse.ch/ip/212.61.180.100/
and https://otx.alienvault.com/indicator/ip/212.61.180.100
and https://cymon.io/212.61.180.100 and https://www.malwares.com/report/ip?ip=212.61.180.100
and https://www.threatminer.org/host.php?q=212.61.180.100
and https://www.joesandbox.com/analysis/54038/0/html

polonus