ZeroAccess C2 – mkvrpknidkurcrftiqsfjqdxbn

Any communications on your network with mkvrpknidkurcrftiqsfjqdxbn [.] com OR xlotxdxtorwfmvuzfuvtspel [.] com are from hosts compromised with ZeroAccess.

Also look for UDP communications on port 16471.

Examples:

https://www.virustotal.com/file/a2cb3fc8e092ce82eaf48ddb41eadadd08980940a3b0aefb98ddfc315669fb65/analysis/
https://www.virustotal.com/file/8b1cb87af19f8a195fbd30992a3a3e3a3e59eb15a91d2253a3e87c2f5b0e2484/analysis/
https://www.virustotal.com/file/ab763d7232ab5784856ab3d0e7611ae58eda3d132a83fea3c663aecbcad1debe/analysis/

Extremely popular submission on UrlQuery.
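
The indicators above applied as a check over DNS and flow logs, as an added example that is not part of the original post. The log formats, sample records and function names are assumptions made for the example, and the source address of a flow is assumed to be the internal host.

```python
import re

# Indicators as published on this page, kept defanged in the source.
C2_DOMAINS_DEFANGED = [
    "mkvrpknidkurcrftiqsfjqdxbn [.] com",
    "xlotxdxtorwfmvuzfuvtspel [.] com",
]
P2P_UDP_PORT = "16471"

# Assumed (hypothetical) flow format: "<proto> <src_ip>:<port> <dst_ip>:<port>"
UDP_FLOW = re.compile(r"^udp\s+(\S+):(\d+)\s+(\S+):(\d+)$", re.IGNORECASE)

def refang(indicator):
    """Turn 'name [.] com' into 'name.com' so it can be compared to log data."""
    return re.sub(r"\s*\[\.\]\s*", ".", indicator).strip().lower()
C2_DOMAINS = {refang(d) for d in C2_DOMAINS_DEFANGED}

def is_c2_name(qname):
    """True for a listed domain or a subdomain of it; ignores case and trailing dot."""
    name = qname.strip().lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)

def suspect_hosts(dns_lines, flow_lines):
    """Map each internal host to the indicators it touched.
    Assumed (hypothetical) DNS log format: "<client_ip> <qname>"."""
    hits = {}
    for line in dns_lines:
        parts = line.split()
        if len(parts) == 2 and is_c2_name(parts[1]):
            hits.setdefault(parts[0], []).append("dns:" + parts[1].lower().rstrip("."))
    for line in flow_lines:
        m = UDP_FLOW.match(line.strip())  # TCP and malformed lines do not match
        if m and P2P_UDP_PORT in (m.group(2), m.group(4)):
            hits.setdefault(m.group(1), []).append("udp/16471:" + m.group(3))
    return hits

# Constructed sample records (RFC 1918 / RFC 5737 addresses, not real traffic).
SAMPLE_DNS = [
    "10.0.0.5 MKVRPKNIDKURCRFTIQSFJQDXBN.com.",   # case and trailing dot vary
    "10.0.0.7 notxlotxdxtorwfmvuzfuvtspel.com",   # look-alike, must not match
]
SAMPLE_FLOWS = [
    "udp 10.0.0.8:16471 203.0.113.9:16471",
    "tcp 10.0.0.9:50000 203.0.113.9:16471",       # TCP: outside the page's indicator
]

if __name__ == "__main__":
    for host, reasons in sorted(suspect_hosts(SAMPLE_DNS, SAMPLE_FLOWS).items()):
        print(host, reasons)
```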
