Login

***maxxa*** · 09-19-2022, 09:55 AM

Detektovan Malware.JS/Malscript.G13

Inficirani fajlovi:

Quote:hxxp[:]//tirsova[.]rs/lat/wp-content/plugins/LayerSlider/js/jquery-easing-1[.]3[.]js?ver=1[.]3[.]0
hxxp[:]//tirsova[.]rs/lat/wp-content/plugins/LayerSlider/js/jquerytransit[.]js?ver=0[.]9[.]9
hxxp[:]//tirsova[.]rs/lat/wp-content/plugins/LayerSlider/js/layerslider[.]kreaturamedia[.]jquery[.]js?ver=4[.]6[.]3
hxxp[:]//tirsova[.]rs/lat/wp-content/plugins/LayerSlider/js/layerslider[.]transitions[.]js?ver=4[.]6[.]3
hxxp[:]//tirsova[.]rs/lat/wp-content/plugins/contact-form-7/includes/js/jquery[.]form[.]min[.]js?ver=3[.]51[.]0-2014[.]06[.]20
hxxp[:]//tirsova[.]rs/lat/wp-content/plugins/contact-form-7/includes/js/scripts[.]js?ver=4[.]4[.]1
hxxp[:]//tirsova[.]rs/lat/wp-content/plugins/custom-facebook-feed/js/cff-scripts[.]js?ver=2[.]4[.]6
hxxp[:]//tirsova[.]rs/lat/wp-content/plugins/custom-twitter-feeds/js/ctf-scripts[.]js?ver=1[.]2[.]7
hxxp[:]//tirsova[.]rs/lat/wp-content/plugins/instagram-feed/js/sb-instagram[.]min[.]js?ver=1[.]5
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/bootstrap[.]min[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/custom[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/fancy/jquery[.]fancybox-buttons[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/fancy/jquery[.]fancybox-media[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/fancy/jquery[.]fancybox-thumbs[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/fancy/jquery[.]fancybox[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/html5shiv[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/jquery[.]mixitup[.]min[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/jquery[.]mousewheel[.]min[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/jquery[.]prettyLoader[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/jquery[.]prettyPhoto[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/jquery[.]roundabout[.]min[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/jquery[.]touchSwipe[.]min[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/modernizr[.]custom[.]46884[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/owl[.]carousel[.]min[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/script[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-content/themes/tirsova-lat/js/wishlist-functions[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-includes/js/comment-reply[.]min[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-includes/js/jquery/jquery-migrate[.]min[.]js?ver=1[.]2[.]1
hxxp[:]//tirsova[.]rs/lat/wp-includes/js/jquery/jquery[.]js?ver=1[.]11[.]3
hxxp[:]//tirsova[.]rs/lat/wp-includes/js/jquery/ui/effect-blind[.]min[.]js?ver=1[.]11[.]4
hxxp[:]//tirsova[.]rs/lat/wp-includes/js/jquery/ui/effect[.]min[.]js?ver=1[.]11[.]4
hxxp[:]//tirsova[.]rs/lat/wp-includes/js/wp-embed[.]min[.]js?ver=4[.]4[.]27
hxxp[:]//tirsova[.]rs/lat/wp-includes/js/wp-emoji-release[.]min[.]js?ver=4[.]4[.]27

Report sa urlquery

Nikada updateovani WordPress 4.4.28

Obaveštena klinika na zvanični email sa sajta, kao i nacionalni CERT.

1van · 09-19-2022, 10:00 AM

I to tako stoji ko zna od kada jel da?

***maxxa*** · 09-19-2022, 06:06 PM

O da, ima par meseci da sam ja to prijavio, detektovao pre toga... Mogu da pokušam da iskopam kod mene na AV-u kada je bio prvi alarm pa da imamo okvirno od kada je.

Ostala mi je još jedna potencijalna šansa za prijavu, na sajtu esigurnost.rs u odeljku članovi sam video gospodina Aleksandar Vukalović koji je (po opisu, i po linkedinu) Savetnik Ministra zdravlja za IT pa sam mislio još i njemu da pišem.

***y0d4*** · 10-10-2022, 08:44 PM

mozda bi bilo bolje da ga navucemo na ovaj forum :>

1van · 10-12-2022, 04:34 PM

I VirusTotal link: https://www.virustotal.com/gui/url/578e4.../detection

***maxxa*** · 10-25-2022, 05:59 PM

U međuvremenu su napredovali pa se desilo i da su se pojavile reklame za steroide.

Filename: Screenshot_20221025_173516.png Size: 143.52 KB 10-25-2022, 05:58 PM

Filename: Screenshot_20221025_173556.png Size: 147.95 KB 10-25-2022, 05:58 PM

***maxxa*** · 11-16-2022, 03:42 PM

Možda im je istekao sert, ali nije bitno jer je sajt u izradi i verujem da će rešiti i sert do lansiranja novog sajta Smile

Nisu mi nikada odgovorili ni na jedan email, ali nije bitno - bitno je da je zaustavljen malware spreading (a mene ako se sete za dan bezbednosti sete) sa tako prometnog sajta Cool

Filename: Screenshot_20221116_163223.png Size: 47.26 KB 11-16-2022, 03:40 PM

Filename: Screenshot_20221116_163157.png Size: 71.56 KB 11-16-2022, 03:40 PM

Filename: Screenshot 2022-11-16 at 16-32-35 Sajt u izradi.png Size: 71.41 KB 11-16-2022, 03:40 PM

***maxxa*** · 12-16-2022, 10:38 AM

Novi sajt je stigao! Smile

Malo bezi CSS, ali nije frka.

Filename: novatirsova.png Size: 517.5 KB 12-16-2022, 10:37 AM

Ponovo je wodrpress i... directory listing Smile

https://tirsova.rs/wp-content/uploads/

1van · 12-15-2023, 06:27 PM

IP Adrese:

Izvor URLQuery: 79.175.68.3
Izvor VirusTotal: 162.55.238.114

Login
Username/Email:
Password:	Lost Password?
	Remember me