Resolved www.pen-t-house.com to 85.17.139.16
Server: www.pen-t-house.com
Gate file: /baby/index.php
Hosting infos: http://whois.domaintools.com/85.17.139.16
Related md5s (search on Malwr.com to find samples)
Smoke: d24b40d1c7d410e6069fc3eaf101b171
dd.sult4n.net (ngrBot hosted in United States, Chicago, Steadfast Networks)
Thanks to anonymous guy here for finding this botnet.
Resolved: [dd.sult4n.net] to [67.202.92.70]
Resolved: [www.8rb.su] to [67.202.92.70]
Other domains: xx.sult4n.net, x.sult4n.net
Thanks to Userbased for this and for the server and channel passwords.
Server: dd.sult4n.net:4040 PASS sulxx
Channel: #m PASS sul111
Now talking in #m
Topic On: [ #m ] [ !mod usbi
cf-fgdgwdvbs.com (Betabot http botnet hosted by server4.pro)
Resolved cf-fgdgwdvbs.com to 37.221.161.200
Server: cf-fgdgwdvbs.com
Gate file: /content/design/in/images/ads/banner/order.php
Alternate domains (currently registered): h1gh.to
Alternate domains (currently unregistered): vbt-one.biz, chf-dfgsdfgplace.net, ded-rrwqwzjzjris.com, seb-api.net, swrgfderthgikhoplk.info, greahthrhdse.info, sab-rehrgfgdfg.org
Hosting infos: http://whois.domaintools.com/37.221.161.200
Related md5s (search on Malwr.com to download samples)
Betabot: 4ecb1746a7a5b54d83f4b34cc23eb9fd
botbox.su (Snk Aspermod irc botnet hosted by scopehosts.com)
Resolved botbox.su to 95.211.187.5
Server: boxbot.su
Port: 5050
Channel: #spm
#spm :.s.a /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/107/97/8/67/102/120/ /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/ 481 408w4wf058939393020384493ds
Hosting infos: http://whois.domaintools.com/95.211.187.5
Related md5s (search on Malwr.com to download samples)
Aspermod: a61efce0696000bc4f2ee3791918b02d
alhamad.biz (Solar http botnet hosted by softlayer.com)
Resolved alhamad.biz to 50.23.58.11
Server: alhamad.biz
Gate file: /web/info.php
Alternate domains (not currently registered): gilsoncherylfuelquest.biz, burdickdoug-fuel.biz, callawayrickcanadian.biz, cano-martintexas.biz, comptondeborah-exxon.biz, davenport-kirktexas.biz, dearie-erin-international.biz, dixon-christy-oklahoma.biz, donnellan-robert-2global.biz, doughertymichael-fhwa.biz, drewryamy-louisdreyfus.biz, dudek-sabrina-nustarenergy.biz, engelken-davidtank-management.biz, farishdanmurphy-oil.biz, felettoloucaboard.biz, fitzgeraldjulian-sr2.biz
It also tried to connect to a gate file hosted on a hacked site at hxxp://carriesbridalcollection.com/images/1/2/cart.php
Hosting infos: http://whois.domaintools.com/50.23.58.11
Related md5s (search on Malwr.com to download samples)
Solar: f83706169037cf6da4bf04469428329a
updating-flash.cloudapp.net (Citadel banking malware hosted by Microsoft.com)
Resolved updating-flash.cloudapp.net to 137.116.247.7
Server: updating-flash.cloudapp.net
Config file: /bleh/file.php
Gate file: /bleh/gate.php
Hosting infos: http://whois.domaintools.com/137.116.247.7
Related md5s (search on Malwr.com to download samples)
Citadel: b8010a8cce28c36dfb0cc1bcd87a5575
88.39 MB samples
Another package with different samples for analysis purposes. Have fun.
Samples
103.241.0.100 (Citadel 1.3.5.1 hosted in Net Origin Group Pty Ltd)
Found by justaguy, Belgian pig farmer lol.
This is the install directory: hxxp://103.241.0.100/images/gallery/install/
This is the gate: hxxp://103.241.0.100/images/gallery/gate.php
Here is the sample.
Hosting infos: http://whois.domaintools.com/103.241.0.100
213.133.111.10 (Ransomware hosted in Germany, Nuremberg, Hetzner Online AG)
Here you can see the page where you are asked to pay via paysafecard for your illegal activities lol: http://213.133.111.10/panel/landing/gate.php
A lot of directories are not protected, so you can search for more.
The sample is here.
Hosting infos: http://whois.domaintools.com/213.133.111.10
www.paloshke.org (Solar http botnet hosted by ghandi.net)
Resolved www.paloshke.org to 46.226.108.231
Server: www.paloshke.org
Gate file: /index.php
Alternate domains: www.bkcn.su, www.cahlr.com, www.rahmea.org, www.businet.su, www.oscdfg.org, www.monero.org, www.webres.su, www.uwtriv.com, www.zmvnue.org, www.oreape.com, www.xnighs.su, www.dvmnib.com, www.itmcff.org, www.akwrzv.com, www.ivmqzc.org, www.duvema.com, www.mtwogp.org, www.hielah.com, www.apdekt.org
Bitcoin mining infos: -a scrypt -s 20 --no-longpoll -q -o www2.oskefi.org:443 -u anonymous.1 -p -x
Hosting infos: http://whois.domaintools.com/46.226.108.231
Related md5s
Solar: eafe8ed59f752d7ae8240f3cdbc698f6