Thanks to Xylitol for sending me the first sample and helping to find more about this botnet. The net is probably more than 100k bots and you can't connect via mIRC; I don't know if you can with HexChat. But here we are: this time snk protected this bot with Steganos Live Encryption Engine. snk
WisdomEyes (Hosted In Kazakhstan Almaty Ps Internet Company Llc)
avtobizz.ru (Locky Ransomware Hosted In Romania Craiova Nforce Entertainment B.v.)
Protected by Cloudflare, but it is not hard to find the hoster.
avtobizz.ru 104.31.89.136
Use hxxp://www.skypeipresolver.net/cloudflare.php to find the real IP.
Locky here is hosted by blazinfast.io.
Logs from infected computers and samples here: hxxp://213.108.44.167/logiplya/
Hosting Infos: http://whois.domaintools.com/185.11.145.10
serv6625.servep2p.com (Win32.Trojan.WisdomEyes Hosted In Colombia Bogota Unus Inc.)
Domain: serv6625.servep2p.com
Port: 6625
Sample: hxxp://107.170.8.163/dwn/winsys.exe
Hosting Infos: http://whois.domaintools.com/128.90.115.105