Geodo Tracker - About
Contact: gtrack ☺ h3x.eu
This site was created as a weekend project to serve as a tracker for C&C sites of the Geodo family and as a platform for cataloging the corpus of related malware.
Please sponsor malwr.com so they can continue the great work with the cuckoo platform.
Credits also go to VirusTotal and Team Cymru - #Totalhash for providing research platforms, and to Spamhaus for sharing the word.
If you like the stuff you can sponsor the host by using my Digital Ocean referral link and get 10$ as a bonus ;).
Information published here can be freely used/modified/re-distributed.
In no way do I deem myself responsible for this information being complete or 100% accurate.
For automation you can use these feeds:
http://gtrack.h3x.eu/api/geodo_sample_24h.php - new samples discovered in the last 24h
http://gtrack.h3x.eu/api/geodo_download_all.php - all download links
http://gtrack.h3x.eu/api/geodo_download_active.php - active download links to ZIP files in a format present in the phishing + EXE updates of the 1st stage downloader
http://gtrack.h3x.eu/api/geodo_download_expanded_active.php - expanded active download links including the filenames
http://gtrack.h3x.eu/api/geodo_download_2nd_all.php - download links for the 2nd stage EXE
http://gtrack.h3x.eu/api/geodo_download_24h.php - new download links for the last 24 hours
http://gtrack.h3x.eu/api/geodo_c2_active.php - links to active C2 sites - NOT WORKING
http://gtrack.h3x.eu/api/geodo_c2_suspected.php - links to sites suspected to be C2 for Geodo
http://gtrack.h3x.eu/api/geodo_c2_down.php - links to C2 sites which were down as of the last scan
http://gtrack.h3x.eu/api/geodo_c2_all.php - links to all C2 sites
http://gtrack.h3x.eu/api/geodo_c2_active_csv.php - list of active C2 sites - NOT WORKING
http://gtrack.h3x.eu/api/geodo_c2_all_csv.php - all C2 sites in CSV format with additional info
http://gtrack.h3x.eu/api/geodo_c2_full_csv.php - full info on all C2 sites in CSV format
If you like the content on this site and want to support it, use my referral for a new account on DigitalOcean.com and get a 10$ bonus for running your machine.