Domains used for the botnet:
chicken1000.mooo.com 127.0.0.2 not active yet
api.wipmania.com 199.15.234.7
fasterthanhim.com 91.226.78.31 active
sad-stone.com NONE not active yet
sad-stone.com.local NONE not active yet
C&C Server: 91.226.78.31:8765
Server Password:
Username: dxvzrjf
Nickname: n{DE|XPa}dxvzrjf
Channel: #GODS (Password: secret)
Channeltopic: :~up http://www.emprender.edu.co/media/system/js/war.exe 24e3da41454dcbe517037d306c644245 ~mdns http://www.farmaciavirtual.com.co/pruebas/z.txt
sample here and here
hosting infos: http://whois.domaintools.com/91.226.78.31
37.59.74.224 (IRC botnet hosted in OVH ISP Paris, France)
Remote Host Port Number
37.59.74.224 6665
PASS google_cache2.tmp
NICK new[fbe-XP-USA]286504
USER 0348 “” “TsGh” :0348
PONG :901E418A
JOIN #G u12344u
Now talking in #G
Topic On: [ #G ] [ ]
Topic By: [ inm ]
Joins: [fbe-XP-YEM]541433 [5414@0wn3d-F3F21148.dynamic.yemennet.ye]
Joins: [fbe-XP-SAU]731906 [4962@84EEFA9B.2199BF6.97E20028.IP]
Joins: [fbe-XP-SAU]000244 [0002@37AB46F7.7A8C2D64.C25393E1.IP]
Joins: [fbe-XP-SAU]737710 [7377@C250848.3BBB233E.5822195F.IP]
Joins: [fbe-XP-SAU]372114 [3721@DFD745AA.8F1AA4B1.A97334FE.IP]
Joins: [fbe-W7-USA]180197 [0792@4A76F5E6.CCDF15C9.3AA76D10.IP]
hosting...
213.239.195.4 (IRC botnet hosted in Germany Gunzenhausen Hetzner Online Ag)
Remote Host Port Number
213.239.195.4 2345
MODE New[USA|00|P|46215] -ix
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
JOIN #!loco!
PONG 22 MOTD
Channel Topic for Channel #!loco!: “.m.s|.m.e ehaha foto http://goo.gl/ymh4i?=”
Private Message to Channel #!loco!: “[M]: Thread Activated: Sending Message With Email.”
Private Message to Channel #!loco!: “[M]:...
RevProxy | a webpanel reverse Proxy Bot (hosted in Seychelles Ideal Solution Ltd)
Download the package including sample and pieces from admin panel here
Download Virustotal scan here
hosting infos: http://whois.domaintools.com/193.107.16.108
211.138.126.142 (IRC botnet hosted in China Zhejiang China Mobile Communications Corporation – Zhejiang)
Remote Host Port Number
211.138.126.142 6532 PASS fuck3d
MODE #hp# -ix
PONG irc.nkworld.com
NICK [00|USA|667594]
USER XP-3819 * 0 :COMPUTERNAME
MODE [00|USA|667594] -ix
JOIN #hp# fux
hosting infos: http://whois.domaintools.com/211.138.126.142
61.31.99.67 (IRC botnet hosted in Taiwan Taipei Taiwan Fixed Network Co. Ltd)
Remote Host Port Number
173.255.237.110 80
199.15.234.7 80
76.73.3.162 80
61.31.99.67 1863 PASS boss
61.31.99.67 4042 PASS boss
NICK [USA|00||324811]
USER xp-2815 * 0 :COMPUTERNAME
MODE [USA|00||324811] -ix
JOIN #new
PRIVMSG #new :
Now talking in #new
Topic On: [ #new ] [ ]
Topic By: [ chk ]
hosting infos: http://whois.domaintools.com/61.31.99.67
46.105.232.106 (IRC botnet hosted in Ireland Ovh Systems)
Remote Host Port Number
46.105.232.106 1866
NICK n[USA|XP|COMPUTERNAME]pzammgy
USER hh “” “lol” :hh
JOIN #!h!
PONG 422
Now talking in #!h!
Topic On: [ #!h! ] [ ]
Topic By: [ xx ]
hosting infos: http://whois.domaintools.com/46.105.232.106
c4t3ring.info (ngrBot hosted in United States Herndon Road Runner Holdco Llc)
Domains used to control bots:
pedoapestoso.info not active
c4t3ring.info
ramen4all.info
Resolved : [c4t3ring.info] To [74.62.152.211]
Resolved : [ramen4all.info] To [74.62.152.211]
c4t3ring.info:6161 Botnet server here
ramen4all.info:6161 Botnet server here
Clients: I have 247 clients and 0 servers
Local users: Current Local Users: 247 Max: 1261
Global users: Current Global Users: 247 Max: 280
PASS p3p1n0
NICK...
rlz1lola.info (ngrBot hosted in Germany Hetzner Online Ag)
Large ngrBot server hosted in Germany. Here you have strings from 2 executable samples.
30upjmrlzz.exe
Processes:
PID ParentPID User Path
--------------------------------------------------
2872 1236 C:Documents and SettingsMes documents30upjmrlzz.exe
Ports:
Port PID Type Path
--------------------------------------------------
Explorer Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No changes Found
IE Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No...