
Domain > ftp.forest-fire.net

This indicator is referenced in AlienVault OTX pulse ""

Is this malicious?

Most users have voted this as MALICIOUS

Reports

http://paper.seebug.org/papers/APT/APT_CyberCrimin...    
https://github.com/kbandla/APTnotes/blob/master/20...    

Files that talk to ftp.forest-fire.net


Whois

Property      Value
Email         kyle.pepper@mail.ru
NameServer    DNS2.PARKING-PAGE.NET
Created       2009-05-11 00:00:00
Changed       2014-05-12 00:00:00
Expires       2015-05-11 00:00:00
Registrar     PDR LTD. D/B/A PUBLI