Please don't use any files without giving me credit! Thanks :-)

Twitter: @c_APT_ure | https://twitter.com/c_APT_ure
Blog: http://c-apt-ure.blogspot.com/

Main Ponmocup research page: (work in progress since 2011-05-30)
- http://www9.dyndns-server.com:8080/pub/botnet-links.html

****************************************
* brand new C2 research is available *
****************************************

The research was done mainly using the following resources (malware analysis reports):
- http://web.gsirt.com/TAZERWEB/
- http://www.threatexpert.com/
- http://www.google.com/ ;-)

Please feel free to browse and download all files below this path: (dir browsing enabled)
- http://www9.dyndns-server.com:8080/pub/botnet/ponmocup/

The bash commands for most of this research are available here: (copy/paste from history, no guarantee it works!)
- http://www9.dyndns-server.com:8080/pub/botnet/ponmocup/ponmocup-finder-1.bash.txt

The bulk of C2 domains and IPs was extracted from:
- http://www9.dyndns-server.com:8080/pub/botnet/ponmocup/C2-traffic-domains-more-details-full.txt
- http://www9.dyndns-server.com:8080/pub/botnet/ponmocup/C2-online-research.txt

The collection of newly found C2 domains, IPs, URL patterns and User-Agents is here:
- http://www9.dyndns-server.com:8080/pub/botnet/ponmocup/C2-domains-IPs-MD5-date.txt

Request for creating an IOC for this malware:
- https://forums.mandiant.com/topic/ioc-request-for-ponmocup-malware-botnet

last updated: 2011-11-28