CCleaner 5.33 compromised – http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users, (Mon, Sep 18th)

Version 5.33 of CCleaner[1] has been reported as compromised (32-bit version only) and delivers malware during installation. If you installed CCleaner between August 15th and September 12th, you should search for potentially infected systems. Here is the list of DGA domains that could help to track the infected hosts:


[1] http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

Xavier Mertens (@xme)
ISC Handler – Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.