
Here are excerpts from my logs of today and yesterday; I have been experiencing frequent pop-up notifications about what I think looks very similar.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan, 21/11/2016 02:40, SYSTEM, ROBERT-PC, Context, Start:21/11/2016 02:35, Duration:4 min 47 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Detection, 21/11/2016 04:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 6048, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 21/11/2016 04:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 6048, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Protection, 21/11/2016 20:34, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Started, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7863, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7863, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7866, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7867, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7869, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7870, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7875, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Detection, 20/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 3808, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 20/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 3808, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,

(end)


After some rummaging around on the internet, this looks to be adware/malware that uses PowerShell to execute, which ties up with what my logs show above.

https://www.cybereason.com/the-dawn-of-sophisticated-powershell-adware-campaigns/

"One particularly persistent adware attack piqued our interest around March. This attack leverages PowerShell, a Windows scripting language, to execute commands and remain persistent on the host machines. Along with creating hourly scheduled tasks, the adware also has the potential to download additional malicious code and direct the user to compromised websites.

The IOCs from our samples include the following hosts and IPs:
• Beautyfile[.]info
• sunlongo[.]info
• finhoome[.]info
• contexfix[.]info
• customsky[.]net
• easypop[.]info
• unitdata[.]info
• fliparray[.]info
• secureb[.]info
• tablezip[.]info
• forallshop[.]info
• macrosoftman[.]info
• openyes[.]info
• secureb[.]info
• forallshop[.]info.

• 37.48.119.38
• 50.63.202.63
• 146.112.61.107
• 185.17.184.6
• 185.17.184.10
• 185.17.184.11.
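The log excerpts in the first post and the IOC list quoted above are enough to do a small triage by hand, but the same check is easy to script. The following is an added example (not code from the thread, from Malwarebytes or from Cybereason): it parses the CSV-style "Detection" lines in the format shown in the first post, re-fangs the `[.]`-defanged IOC domains, groups blocked callouts by process image and domain, and separates callouts made by a script host such as `powershell.exe` from those made by a browser. The column layout is assumed from the lines on the page, the sample input is the thread's own log lines embedded as a constructed string, and all function and class names (`parse_mbam_log`, `triage`, `suspicious_launchers`, `Detection`, `Summary`) are the author's own.

```python
"""Triage Malwarebytes 'Malicious Website Protection' log lines (added example)."""
import csv
from dataclasses import dataclass, field
from io import StringIO
from typing import Dict, List, Set, Tuple

# Constructed sample input: log lines copied from the first post of the thread.
# Raw string so the Windows paths (\v1.0 etc.) survive untouched.
SAMPLE_LOG = r"""
Scan, 21/11/2016 02:40, SYSTEM, ROBERT-PC, Context, Start:21/11/2016 02:35, Duration:4 min 47 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Detection, 21/11/2016 04:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 6048, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 21/11/2016 04:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 6048, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Protection, 21/11/2016 20:34, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Started, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7863, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7863, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7866, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7867, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7869, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7870, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7875, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 3808, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 20/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 3808, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
"""

# Defanged host IOCs as quoted in the thread (subset of the Cybereason list).
RAW_IOCS = [
    "Beautyfile[.]info", "sunlongo[.]info", "finhoome[.]info", "contexfix[.]info",
    "customsky[.]net", "easypop[.]info", "unitdata[.]info", "fliparray[.]info",
    "secureb[.]info", "tablezip[.]info", "forallshop[.]info.", "macrosoftman[.]info",
    "openyes[.]info",
]

# Process images that run scripts rather than render pages; a blocked callout
# from one of these deserves a closer look than the same callout from a browser.
SCRIPT_HOSTS = {"powershell.exe", "cscript.exe", "wscript.exe", "mshta.exe"}


@dataclass
class Detection:
    timestamp: str
    host: str
    remote_ip: str   # "0.0.0.0" in the lines above; kept as logged
    domain: str
    pid: int
    direction: str
    process: str


@dataclass
class Summary:
    count: int = 0
    pids: Set[int] = field(default_factory=set)
    known_ioc: bool = False
    script_host: bool = False


def refang(ioc: str) -> str:
    """Turn 'forallshop[.]info.' into 'forallshop.info' for comparison."""
    return ioc.replace("[.]", ".").strip().rstrip(".").lower()


def parse_mbam_log(text: str) -> List[Detection]:
    """Keep only 'Detection' rows whose object type is 'Domain'.

    Assumed column order, read off the lines in the thread:
    0 record kind, 1 timestamp, 2 user, 3 host, 4 component, 5 feature,
    6 object type, 7 remote IP, 8 domain, 9 PID, 10 direction, 11 process path.
    The trailing ', ' on each line yields an empty 13th field, which is ignored.
    """
    out: List[Detection] = []
    for row in csv.reader(StringIO(text), skipinitialspace=True):
        if len(row) < 12 or row[0] != "Detection" or row[6] != "Domain":
            continue
        out.append(Detection(row[1], row[3], row[7], row[8].lower(),
                             int(row[9]), row[10], row[11]))
    return out


def triage(detections: List[Detection], iocs: Set[str]) -> Dict[Tuple[str, str], Summary]:
    """Group blocked callouts by (process image, domain) and tag each group."""
    summary: Dict[Tuple[str, str], Summary] = {}
    for d in detections:
        exe = d.process.rsplit("\\", 1)[-1].lower()
        key = (exe, d.domain)
        s = summary.setdefault(key, Summary(known_ioc=d.domain in iocs,
                                             script_host=exe in SCRIPT_HOSTS))
        s.count += 1
        s.pids.add(d.pid)
    return summary


def suspicious_launchers(summary: Dict[Tuple[str, str], Summary]) -> List[str]:
    """Script hosts that reached a known IOC domain from more than one PID.

    Several distinct, short-lived PIDs across different times is the footprint a
    scheduled-task launcher leaves; one long-lived process retrying would reuse a PID.
    """
    return sorted(exe for (exe, _dom), s in summary.items()
                  if s.script_host and s.known_ioc and len(s.pids) > 1)


if __name__ == "__main__":
    iocs = {refang(x) for x in RAW_IOCS}
    summary = triage(parse_mbam_log(SAMPLE_LOG), iocs)
    for (exe, dom), s in sorted(summary.items()):
        kind = "script-host" if s.script_host else "browser/other"
        flag = "IOC" if s.known_ioc else "   "
        print(f"{flag} {exe:<15} {dom:<15} hits={s.count} pids={sorted(s.pids)} ({kind})")
    print("likely scheduled launchers:", suspicious_launchers(summary))
```

Run against the thread's lines, the grouping shows two very different things hiding behind the same blocked domain: `chrome.exe` hitting `tablezip.info` from five PIDs in one minute is what a page full of ad redirects looks like, whereas `powershell.exe` hitting it from a fresh PID at 04:46 and again at 20:46 on consecutive days, with no browser involved at 04:46, is the pattern the quoted write-up attributes to an hourly scheduled task. In an incident the next step is to list the scheduled tasks on the host and look at what each PowerShell one launches, which the log alone cannot tell you.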
