Block various domains accessed by trojan #538
Comments
May I suggest you to add a password to the |
spirillen added a commit to mypdns/matrix that referenced this issue Feb 17, 2020
`jload01.info` `rifat01.info` Domains used by TrojanHorse. Reported by https://github.com/Somebodyisnobody at Ultimate-Hosts-Blacklist/Ultimate.Hosts.Blacklist#538 Signed-off-by: Spirillen <[email protected]>
This issue was moved by funilrys to Ultimate-Hosts-Blacklist/blacklist#1. |
Somebodyisnobody added a commit to Ultimate-Hosts-Blacklist/blacklist that referenced this issue Mar 27, 2020
This issue was closed.
After executing a trojan on an isolated host system I got the following domains on my DNS server:
lodddd01.info
jload01.info
rifat01.info
Some other requested domains were already blocked, I assume they are here in the list.
Attached a traffic capture where you can see which files are being downloaded (e.g. stream 3 where "jload01.info/downfiles/1.exe" is called or stream 0 where a zip with
is being uploaded to rifat01.info. The zip attached is extracted from the stream)
trojan_filtered.zip (wireshark capture file)
index.php.zip
trojan.zip (only download if you know how to handle a trojan, password "trojan")