The kesxerwoc.kz has been listed on Cyberwarzone as it has been identified by fidelissecurity.com as a malicious domain. In this particular case, we are dealing with a Pushdo Trojan domain which is used by cybercriminals to install Trojan on devices of unaware users or as a gateway for the Trojan to exchange information with the C&C server.
The Pushdo Trojan is classified as a “downloader” Trojan, meaning that its true purpose is to download and install additional malicious files on the infected device.
Fun fact: Did you know that once you visit one of the C&C servers of Pushdo with the wrong URL, it will send you a random message back like “Looking for Blackjack?”. The cybercriminals have implemented this to “trick” people into believing that they are visiting a website instead of the Pushdo C&C server.
|
DOMAIN |
TROJAN FAMILY |
FOUND BY |
|
kesxerwoc.kz |
pushdo |
fidelissecurity.com |
Aliases for the Pushdo Trojan:
- Trj/Downloader.SIA
- Backdoor.Win32.Agent.ehg
- W32/Smalltroj.CQWT
- Troj/Agent-GNA
- W32/Smalltroj.CQWT
Please use the following resources to get a better understanding about the Pushdo Trojan: