Earth Preta Evolves its Attacks with New Malware and Strategies