tirsova.rs spread malware - maxxa - 09-19-2022
Detected Malware.JS/Malscript.G13
Infected files:
Report from urlquery
Never-updated WordPress 4.4.28
The clinic has been notified via the official email address from the site, as has the national CERT.
RE: tirsova.rs spread malware - 1van - 09-19-2022
And it's been sitting like that for who knows how long, right?
RE: tirsova.rs spread malware - maxxa - 09-19-2022
Oh yes, it's been a couple of months since I reported it, and I detected it before that... I can try to dig up on my AV when the first alert was, so we have a rough idea of how long it has been going on.
I have one more potential avenue for reporting left: on the esigurnost.rs site, in the members section, I saw Mr. Aleksandar Vukalović, who is (according to the description, and according to LinkedIn) Adviser to the Minister of Health for IT, so I was thinking of writing to him as well.
RE: tirsova.rs spread malware - y0d4 - 10-10-2022
Maybe it would be better to lure him onto this forum :>
RE: tirsova.rs spread malware - 1van - 10-12-2022
And the VirusTotal link: https://www.virustotal.com/gui/url/578e449222ad57f6f86c883af61b710c4c83d4260f801e7a9423a858f76ce9ee/detection
RE: tirsova.rs spread malware - maxxa - 10-25-2022
In the meantime they have progressed, so it even happened that ads for steroids appeared.
RE: tirsova.rs spread malware - maxxa - 11-16-2022
Maybe their cert has expired, but it doesn't matter because the site is under construction and I believe they'll sort out the cert too by the time the new site launches.
They never replied to a single one of my emails, but that doesn't matter - what matters is that the malware spreading from such a high-traffic site has been stopped (and as for me, if they remember me on security day, they remember me).
RE: tirsova.rs spread malware - maxxa - 12-16-2022
The new site has arrived!
The CSS is a bit off, but no big deal.
It's WordPress again and... directory listing
https://tirsova.rs/wp-content/uploads/
RE: tirsova.rs spread malware - 1van - 12-15-2023
IP addresses:
Source URLQuery: 79.175.68.3
Source VirusTotal: 162.55.238.114