This blog post compiles a list of articles and information bits about the Asprox botnet.
Asprox malware is spread with phishing emails claiming to be from DHL, FedEx, USPS, American Airlines, Costco, Walmart, Pizza Hut, Home Depot, Target and many others. It also likes to claim to be a court order, a funeral or wedding announcement, or a missed voicemail from WhatsApp.
Asprox C2 Tracker - http://atrack.h3x.eu
Asprox Corpus of EXE (downloader) - http://atrack.h3x.eu/corpus/2
Asprox Corpus of ZIP (downloader) - http://atrack.h3x.eu/corpus/6
Asprox Corpus of EXE (2nd stage/update) - http://atrack.h3x.eu/corpus/5
Asprox Corpus of TXT (displayed message) - http://atrack.h3x.eu/corpus/7
Asprox Corpus of DLL modules - http://atrack.h3x.eu/corpus/8
Materials on the topic:
- 2015-03-09 - Brad Duncan - What Happened to You, Asprox Botnet?
- 2015-02-25 - TechHelpList - former Asprox infrastructure used for drug advertising
- 2015-02-04 - TechHelpList - former Asprox infrastructure used for porn advertising
- 2015-01-02 - Malware-Traffic-Analysis - Fake Target phishing emails from the Asprox botnet
- 2014-12-29 - TechHelpList - Parking Violation Notice - Asprox Malware
- 2014-12-17 - TechHelpList - Details of your order from Best Buy - Asprox Malware
- 2014-12-16 - TechHelpList - Order Confirmation - Walgreens - Asprox Malware
- 2014-12-15 - PaloAlto - Kuluoz, Asprox malware family accounts for 80% of attacks
- 2014-12-13 - Softpedia - Facebook Password Change Email Leads to Asprox Malware
- 2014-12-11 - TechHelpList - Facebook password change - Asprox Malware
- 2014-12-11 - The Register - Elderly zombie Asprox botnet STILL mauling biz bods, says survey
- 2014-12-11 - Malware-Traffic-Analysis - Asprox botnet phishing campaign - Subject: Facebook password change
- 2014-12-03 - Gary Warner - ASProx malware threat targets holiday shoppers
- 2014-12-03 - Brian Krebs - Be Wary of ‘Order Confirmation’ Emails
- 2014-11-27 - TechHelpList - Thank you for buying / Order Confirmation / Multiple - Asprox Malware
- 2014-11-20 - Damballa - Partners in Cyber Crime: Following an Advanced Malware Infection Chain
- 2014-11-20 - Damballa - Behind_Malware_Infection_Chain_Rerdom research paper
- 2014-11-12 - Malware-Traffic-Analysis.net - Asprox botnet fake Starbucks phishing emails - delivered Sirius Win 7 Antivirus 2014
- 2014-11-07 - PaloAlto - Kuluoz Trends – October 2014
- 2014-10-29 - Malware-Traffic-Analysis.net - Asprox botnet serving Starbucks coffee
- 2014-10-28 - Malware-Traffic-Analysis.net - Asprox botnet serving free pizza
- 2014-10-08 - TechHelpList - Enjoy your Starbucks Card eGift - Asprox Malware
- 2014-10-02 - TechHelpList - LINE - You have a voice message - Asprox Malware
- 2014-09-11 - Malware-Traffic-Analysis.net - Asprox botnet phishing campaign - DPD - Subject: Home Delivery Notification
- 2014-09-09 - Malware-Traffic-Analysis.net - Asprox botnet phishing emails - Delta Airlines
- 2014-09-05 - Malware-Traffic-Analysis.net - Asprox botnet phishing email - FedEx - Subject: Postal Notification
- 2014-08-29 - Malware-Traffic-Analysis.net - Asprox botnet phishing email - Subject: Notice of court attendance
- 2014-08-28 - Nick - How Asprox Malware Became an APT in 4 Phases
- 2014-08-18 - Malware-Traffic-Analysis.net - Asprox botnet phishing email - Subject: Payment for driving on a toll road
- 2014-08-06 - Symantec - Asprox URLViewer delivers porn adverts
- 2014-08-04 - Kimberly - Asprox Update - Version 2050
- 2014-07-28 - Long Tran (Fortinet) - Changes in the Asprox Botnet
- 2014-07-22 - Malware-Traffic-Analysis.net - Asprox botnet fake E-ZPass phishing emails
- 2014-07-10 - Malware-Traffic-Analysis.net - Asprox botnet fake court case phishing emails
- 2014-07-09 - Malware-Traffic-Analysis.net - Asprox botnet fake funeral announcement phishing emails
- 2014-07-08 - Malware-Traffic-Analysis.net - Asprox botnet fake E-ZPASS phishing emails
- 2014-06-17 - Kevin Ross - Suricata IDS signature for Asprox traffic
- 2014-06-16 - FireEye - A Not-So Civic Duty: Asprox Botnet Campaign Spreads Court Dates and Malware
- 2014-05-15 - Kimberly - A Journey Inside the Asprox Modules
- 2014-03-17 - Frank Jas - New variant of Kuluoz discovered
- 2014-02-28 - Kimberly - Urgent eviction notification - A deeper dive into the Asprox Ecosystem
- 2014-02-12 - TechHelpList - Your application received - Asprox Malware
- 2014-02-06 - TechHelpList - Asprox botnet advertising fraud - general overview 1
- 2014-01-30 - Kimberly - Eubank Funeral Home themed emails lead to Asprox
- 2014-01-30 - Brad - Asprox Emails and Malware
- 2014-01-11 - Kimberly - PG&E Energy Statement themed emails lead to Asprox
- 2014-01-15 - TechHelpList - Death Notification - Asprox Malware
- 2014-01-07 - TechHelpList - Delivery Canceling - Energy Statement - Malware
- 2014-01-07 - Kimberly - Best Buy themed emails lead to Asprox
- 2014-01-06 - TechHelpList - Asprox botnet trojan run - advertising fraud 1
- 2014-01-04 - Herrcore - Inside The New Asprox/Kuluoz
- 2014-01-05 - Kimberly - Atmos Energy Bill themed emails lead to Asprox
- 2013-12-30 - Kimberly - The Asprox botnet wants you to appear in Court
- 2014-12-26 - Kimberly - Costco themed emails lead to Asprox
- 2013-12-26 - Peter Kruse - Asprox er tilbage (Adobe License)
- 2013-12-26 - Gary Warner - Holiday Delivery Failures lead to Kuluoz malware
- 2013-12-26 - TechHelpList - Scheduled Home Delivery Problem - Asprox Malware
- 2013-12-23 - TechHelpList - Hearing of your case in Court NR#... - Virus
- 2013-12-23 - Conrad Longmore - "Hearing of your case in Court NR#6976" spam
- 2013-12-23 - Daniel Wesemann - Costco, BestBuy, Walmart really want to send you a package!
- 2013-12-23 - TechHelpList - Hearing of your case in Court NR#... - Virus
- 2013-12-22 - TechHelpList - Asprox botnet trojan run - malware spamming 1
- 2013-12-20 - TechHelpList - Please look my CV - Virus
- 2013-12-14 - Johannes B. Ullrich - WhatsApp Malware Spam uses Geolocation to Mass Customize Filename
- 2013-12-06 - TechHelpList - You can download your ticket #... - Virus
- 2013-11-28 - Kimberly - Fake WhatsApp Voice Mail Notification invites Asprox and friends - Kimberly spotted that downloads are using GeoIP location to customize the filename
- 2013-11-13 - Kimberly - Analysis of Asprox and its New Encryption Scheme
- 2013-11-12 - TechHelpList - New Voicemail Notification - WhatsApp - Malware
- 2013-10-18 - TechHelpList - Wedding Invitation - Malware
- 2013-09-20 - Gary Warner - Fake AV Malware Hits the Android
- 2013-08-15 - Shaked Bar - Kuluoz: Malware and botnet analysis
- 2013-07-07 - #MalwareMustDie! In war with Kuluoz network../2/3
- 2013-06-05 - TechHelpList - Fake Fedex Item Forbidden - Virus
- 2013-06-04 - TechHelpList - Your Parcel Has Been Send - Virus
- 2013-05-01 - RebSnippets - Asprox Botnet 2013 - Phishing Malware As a Service
- 2013-04-22 - TechHelpList - Your Order - Fake DHL Malware
- 2013-03-04 - Trendmicro - Asprox Reborn blog
- 2013-02-28 - Trendmicro - Asprox Reborn research paper
- 2013-02-01 - Trendmicro - Asprox Botnet Reemerges in the Form of KULUOZ
- 2013-02-01 - Trendmicro - BKDR_KULUOZ – At a Spam Near You
- 2012-10-09 - HertSec - Investigating UPS Phishing Emails
- 2012-12-12 - Kent Backman - Another familiar phish, yet more ransomware controller proxies
- 2012-09-25 - Kent Backman - New Asprox phish, a few old and many more controller proxies
- 2012-09-21 - Miroslav Stampar - Analysis of mass SQL injection attacks(old scheme)
- 2012-09-15 - Kent Backman - Click here for your Asprox package
- 2012-08-30 - Christopher J. Marcinko - No, USPS Did Not Fail to Deliver a Package This Week
- 2012-01-14 - Ken Johnson - FakeAVLock - FedEx Shipping Issues - Revisited
- 2010-06-25 - ITNews - Asprox botnet causing serious concern
- 2009-10-05 - Gunter Ollmann - Asprox Rearing its SQL Injection Head Again
- 2009-02-10 - Greg Martin - ASPROX Back with a vengeance
- 2008-09-29 - SANS - ASPROX mutant
- 2008-08-04 - Greg Martin - ASPROX Latest Attack Vector: JS.JS
- 2008-07-?? - SANS - Cleanup in isle 3 please. Asprox lying around
- 2008-07-23 - Greg Martin - ASPROX SQL Injection Botnet and iFrame/Malware
- 2008-07-07 - Greg Martin - ASPROX Payload Morphed NGG.JS
- 2008-06-30 - SANS Robert Danford - More SQL Injection with Fast Flux hosting
- 2008-06-26 - Greg Martin - ASPROX SQL Injection Attacks cont.
- 2008-06-23 - Greg Martin - ASPROX SQL Injection Botnet and iFrame/Malware
- 2008-06-13 - SANS Johannes Ullrich - SQL Injection: More of the same
- 2008-01-09 - SANS Bojan Zdrnja - Mass exploits with SQL Injection