PlugX Tracker - About
Contact: ptrack ☺ h3x.eu
This site was created as a weekend project to serve as a tracker for C&C sites of the PlugX family and as a platform for cataloguing the corpus of related malware.
Credits also go to VirusTotal and Team Cymru - #Totalhash for providing research platforms, and to Spamhaus for spreading the word.
If you like the stuff you can:
- just send me an email greeting ;)
- donate related samples which are either grey or completely missing from the PlugX corpus
- sponsor malwr.com so they can continue the great work with the cuckoo platform.
- sponsor this service by using my Digital Ocean referral link and get 10$ as a bonus ;).
Information published here can be freely used/modified/re-distributed.
In no way do I deem myself responsible for this information being complete or 100% accurate.
For automation you can use these feeds:
http://ptrack.h3x.eu/api/plugx_sample_24h.php - new samples discovered in last 24h
http://ptrack.h3x.eu/api/plugx_download_all.php - all download links
http://ptrack.h3x.eu/api/plugx_download_active.php - active download links to ZIP files in a format present in the phishing + EXE updates of the 1st stage downloader
http://ptrack.h3x.eu/api/plugx_download_expanded_active.php - expanded active download links including the filenames
http://ptrack.h3x.eu/api/plugx_download_2nd_all.php - links to download of the 2nd stage EXE
http://ptrack.h3x.eu/api/plugx_download_24h.php - new download links for last 24 hours
http://ptrack.h3x.eu/api/plugx_c2_active.php - links to active C2 sites - NOT WORKING
http://ptrack.h3x.eu/api/plugx_c2_suspected.php - links to sites suspected of being C2 for PlugX
http://ptrack.h3x.eu/api/plugx_c2_down.php - links to C2 sites which were down as of the last scan
http://ptrack.h3x.eu/api/plugx_c2_all.php - links to all C2 sites
http://ptrack.h3x.eu/api/plugx_c2_active_csv.php - list of active C2 sites - NOT WORKING
http://ptrack.h3x.eu/api/plugx_c2_all_csv.php - all C2 sites in CSV format with additional info
http://ptrack.h3x.eu/api/plugx_c2_full_csv.php - full info on all C2 sites in CSV format
If you like the content on this site and want to support it, use my referral for a new account on DigitalOcean.com and get a 10$ bonus for running your machine.