This package contains mostly irc bots,banking trojans,RATS,worms,bitcoin miners Download samples: Download Download
Trojan-Ransom.Win32.Birele.wjr
Traffic – by TCP/IP Connections:97 outbound connection found Country IP Port IP 0.200.255.255 16471 BG 109.199.234.255 16471 UA 109.200.250.38 16471 JP 110.132.246.252 16471 JP 112.139.29.252 16471 CN 113.194.255.255 16471 IN 117.194.100.255 16471 JP 119.231.224.249 16471 JP 121.101.116.250 16471 IN 122.176.255.255 16471 JP 122.18.253.121 16471 JP 122.21.100.202 16471 JP 126.11.125.253 16471 US 146.115.56.251 16471 KG 158.181.255.255Read more...
anastasia.servequake.com(Insomnia 2.5.0 bot hosted in Spain Ovh Systems)
This is one report from Zazu here is the original link and all credits go to Zazu for this report DNS: anastasia.servequake.com DNS Provider: http://www.no-ip.com/ DNS resolved: 37.59.129.195 Port: 50111 Server Password: l33thack Channel #choi Bot Master’s Nickname: andrew Hosted By: http://www.vpsdeploy.com/ Location: Spain Sample: “https://dl.dropbox.com/u/9386997/andrew1.exe” Sample Status: The sample seems to be encrypted andRead more...
vnclimitedrun.in(http malware hosted in United States Los Angeles Black Lotus Communications)
Resolved : [vnclimitedrun.in] To [199.59.166.86] remote server: vnclimitedrun.in TCP port 443 get sample here what this sample does: Creates and executes scripts Creates files in windows system directory Deletes self Injects code into other processes Registers dynamic link libraries hosting infos: http://whois.domaintools.com/199.59.166.86
chatme.redirectme.net(irc botnet hosted in Romania Voxility S.r.l.)
Resolved : [chatme.redirectme.net] To [109.163.229.26] Remote Host Port Number 109.163.229.26 5555 Clients: I have 54 clients and 0 servers Local users: Current Local Users: 54 Max: 176 Global users: Current Global Users: 54 Max: 82 NICK New{US-XP-x86}6447253 USER 6447253 “” “6447253” :6447253 MODE New{US-XP-x86}6447253 +iMm JOIN #infected private PONG :7E4C6516 hosting infos: http://whois.domaintools.com/109.163.229.26
17 RATs (Hosted by home connections)
I’ve been collecting and scanning all of the files that I see on Digital’s IRC, and I’ve found that most of them are RATs that people have sent to Digital for i4i. They’re not worth a blog post so they tend to build up. Since Vaporizer (The other guy on the IRC, who is reallyRead more...
cuzcoxxx.ru(ngrBot hosted in United States Walnut Psychz Networks)
Domains used to control bots: crioamazonas.ru not active cuzcoxxx.ru 173.224.219.197 port 6068 irc server hisexoxxx.ru not active mlrioamazonas.ru not active rioamazonas.ru not active sexoxxx.ru not active sfsexoxxx.ru not active sample sample u can find channels or more by checking the sample hosting infos: http://whois.domaintools.com/173.224.219.197
W32/BitCoinMiner.D(hosted in United States Seattle Amazon.com Inc.)
Resolved : [mining.eligius.st] To [23.21.225.111] Control Panel: http://mining.eligius.st New Opened files which were contained within Memory File $Extend$ObjId File Documents and SettingsAdministratorApplication Data File Documents and SettingsAdministratorLocal SettingsApplication DataMicrosoftPortable Devices File System Volume Information_restore{307E7B41-0455-430D-B7AD-0176BCF9FE0E}RP21change.log File System Volume Informationtracking.log File WINDOWSTempPerflib_Perfdata_57c.dat File trkwks Potentially Malicious Changes in NTUSER.DAT File (This output only contains plain text entries,Read more...
http://sonic4me.com/ (Andromeda http malware hosted in Amsterdam worldstream.nl)
Location given by the anonymous friend at http://www.exposedbotnets.com/2012/06/malware-samples-and-irc-logs.html?showComment=1339497611124#c584928102134788577 login: http://sonic4me.com/login/ Panel: http://sonic4me.com/panel/index.php seems to be 404 now. Sample Sample link 1 Sample link 2 Hosting infos: http://whois.domaintools.com/217.23.10.217
128.204.202.152 (Insomnia bot hosted in United Kingdom dotvps.net)
Server Port 128.204.202.152 6667 Channel #Fanta Password Nick {RU|W7-32u}pugpidz I have 100 clients and 0 servers* Current Local Users: 100 Max: 683* Current Global Users: 100 Max: 683 Channel Users Topic #Fanta 101 [+sntu] d3FiQ3FNTzB3NnZEdWc9PXw2NjYxNzEzNA== * Topic for #Fanta is: d3FiQ3FNTzB3NnZEdWc9PXw2NjYxNzEzNA==* Topic for #Fanta set by White at Tue May 22 08:41:10 2012 * [fanta] (austintyle@fanta123):Read more...