Sample here : hxxp://farawayer.ru/chibum/fire/blessing/micro.exe
Panel : http://farawayer.ru/chibum/fire/blessing/gate.php
All the rest here : http://farawayer.ru/chibum/fire/blessing/
Hosting Infos : http://whois.domaintools.com/91.227.68.183
Ransom_HPCERBER.SMONT4 (Hosted in France, ASN: 16276 OVH SAS)
Contacts servers via UDP (the first twenty hosts of 178.33.158.0/24, port 6893) :
178.33.158.0:6893 178.33.158.1:6893 178.33.158.2:6893 178.33.158.3:6893 178.33.158.4:6893 178.33.158.5:6893 178.33.158.6:6893 178.33.158.7:6893 178.33.158.8:6893 178.33.158.9:6893 178.33.158.10:6893 178.33.158.11:6893 178.33.158.12:6893 178.33.158.13:6893 178.33.158.14:6893 178.33.158.15:6893 178.33.158.16:6893 178.33.158.17:6893 178.33.158.18:6893 178.33.158.19:6893
Executes the following command (kills c1.exe, waits one ping, then deletes it) :
taskkill /f /im "c1.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:c1.exe" > NUL && exit
Sample here : hxxp://119.205.220.184/c.exe
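An added detection example, not code from the original post: it takes the two Cerber indicators above, the UDP beacons to 178.33.158.0/24 on port 6893 and the taskkill / ping / del command chain, and flags them in constructed flow records and process command lines. The flow-record format ("proto src:sport dst:dport"), the internal host addresses and the fan-out threshold are assumptions made for the example; the regex deliberately leaves the file name variable so a renamed copy is still caught.

```python
import ipaddress
import re
from collections import defaultdict

# Indicators copied from the Cerber entry above (added example; not the blog's own code).
CERBER_UDP_NET = ipaddress.ip_network("178.33.158.0/24")
CERBER_UDP_PORT = 6893

# The quoted command chain: kill the process, 'ping -n 1' as a one-second sleep, then
# delete the file. The file name and path are left variable on purpose.
KILL_PING_DEL_RE = re.compile(
    r'taskkill\s+/f\s+/im\s+"?[^"\s]+"?\s*>\s*NUL\s*&\s*'
    r'ping\s+-n\s+1\s+127\.0\.0\.1\s*>\s*NUL\s*&\s*del\s+',
    re.IGNORECASE,
)


def udp_fanout(flow_lines, min_targets=5):
    """Return {src_ip: [dst_ip, ...]} for sources that sent UDP to at least
    min_targets distinct hosts in CERBER_UDP_NET on CERBER_UDP_PORT.

    flow_lines use a constructed 'proto src:sport dst:dport' format (an
    assumption for this example; adapt the split to your flow exporter)."""
    targets = defaultdict(set)
    for line in flow_lines:
        parts = line.split()
        if len(parts) != 3 or parts[0].lower() != "udp":
            continue
        src = parts[1].rsplit(":", 1)[0]
        dst, dport = parts[2].rsplit(":", 1)
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if int(dport) == CERBER_UDP_PORT and dst_ip in CERBER_UDP_NET:
            targets[src].add(dst)
    return {
        src: sorted(dsts, key=ipaddress.ip_address)
        for src, dsts in targets.items()
        if len(dsts) >= min_targets
    }


def is_kill_ping_del(cmdline):
    """True when a process command line matches the taskkill / ping / del chain."""
    return bool(KILL_PING_DEL_RE.search(cmdline))


# Constructed flow records: 10.0.0.5 beacons to the twenty hosts listed above,
# 10.0.0.7 only does a DNS lookup, and one TCP flow must be ignored.
SAMPLE_FLOWS = [f"udp 10.0.0.5:49152 178.33.158.{i}:6893" for i in range(20)]
SAMPLE_FLOWS += ["udp 10.0.0.7:53001 10.0.0.1:53", "tcp 10.0.0.5:49200 178.33.158.3:6893"]

# Constructed command lines; the first wraps the command quoted in the entry above.
SAMPLE_CMDLINES = [
    'cmd.exe /c taskkill /f /im "c1.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:c1.exe" > NUL && exit',
    "ping -n 1 127.0.0.1",
]

if __name__ == "__main__":
    print(udp_fanout(SAMPLE_FLOWS))
    for c in SAMPLE_CMDLINES:
        print(is_kill_ping_del(c), c)
```

The fan-out check keys on the number of distinct destinations inside the /24 rather than on a single address, which is what distinguishes this beaconing from ordinary UDP traffic to one host; on real flow data the threshold should be tuned against a baseline.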
220.181.87.80 (Trik v2.5 bot by snk, Hosted in China, Beijing, Chinanet Beijing Province Network)
Thanks to Xylitol for sending me the first sample and helping to find more about this botnet. The net is probably more than 100k bots and you can't connect via mIRC; I don't know if you can with HexChat. But here we are: this time snk protected this bot with Steganos Live Encryption Engine. snk
WisdomEyes (Hosted in Kazakhstan, Almaty, PS Internet Company LLC)
Domain                          IP
ejug.bjksfohseaguu.org          185.22.65.81
ipecho.net                      146.255.36.1
rcelafy.bjksfohseaguu.org       185.22.65.81
plipjpuceco.bjksfohseaguu.org   185.22.65.81
uhewu.bjksfohseaguu.org         185.22.65.81
elqzujudynu.bjksfohseaguu.org   185.22.65.81
axonjcedep.bjksfohseaguu.org    185.22.65.81
wtfismyip.com                   69.30.217.90
ydeji.bjksfohseaguu.org         185.22.65.81
ytarjrozi.bjksfohseaguu.org     185.22.65.81
sdyfigi.bjksfohseaguu.org       185.22.65.81
ycxjefssozo.bjksfohseaguu.org   185.22.65.81
wmizo.bjksfohseaguu.org         185.22.65.81
amozityxam.bjksfohseaguu.org    185.22.65.81
oxxh.bjksfohseaguu.org          185.22.65.81
ezizzhah.bjksfohseaguu.org
avtobizz.ru (Locky Ransomware, Hosted in Romania, Craiova, Nforce Entertainment B.V.)
Protected by Cloudflare, but not hard to find the hoster.
avtobizz.ru 104.31.89.136 (the Cloudflare-fronted address, not the origin)
Use hxxp://www.skypeipresolver.net/cloudflare.php to find the real IP.
Locky here is hosted by blazinfast.io
Logs from infected computers and samples here : hxxp://213.108.44.167/logiplya/
Hosting Infos : http://whois.domaintools.com/185.11.145.10
serv6625.servep2p.com (Win32.Trojan.WisdomEyes, Hosted in Colombia, Bogota, Unus Inc.)
Domain : serv6625.servep2p.com
Port : 6625
Sample : hxxp://107.170.8.163/dwn/winsys.exe
Hosting Infos : http://whois.domaintools.com/128.90.115.105
myfirstdatibon.ru (UDS:DangerousObject.Multi.Generic)
Domain : myfirstdatibon.ru
domain: MYFIRSTDATIBON.RU
nserver: ns1.uldiok.at.
nserver: ns2.uldiok.at.
nserver: ns3.uldiok.at.
nserver: ns4.uldiok.at.
state: REGISTERED, NOT DELEGATED, UNVERIFIED
person: Private Person
registrar: ARDIS-RU
admin-contact: http://ardis.ru/whois/
created: 2016.02.20
paid-till:
eiqdfngoghledf.pw (Locky Ransomware, Hosted in France, ASN: 16276 OVH SAS)
Domains :
eiqdfngoghledf.pw
emijtrjhnrddoxr.org
ofsrsykqd.pl
whrilkltsrvggxsj.click
fphnnnkaei.org
ntdvwoousyc.pl
kmarheql.info
pobqrwoxltcy.pl
eyetuesq.ru
djxmxiahj.biz
kdyoevbcxy.su
ajqjdjblfdjti.work
clsfnbwpekrxmcj.xyz
qkpdsttc.pw
ihxkjsgmloij.work
rhiqtgs.info
jbtnnvqkwakpitxk.pl
awcweto.xyz
URLs :
hxxp://93.170.131.108/submit.php
hxxp://5.135.76.18/submit.php
hxxp://82.146.37.200/submit.php
Sample : hxxp://mundogostoso.com.br/zFN1Lg.exe
Hosting infos : http://whois.domaintools.com/5.135.76.18
jcngtodnjlcr.it (Locky Ransomware, Hosted in United Kingdom, Belfast, Barefruit Ltd.)
Domains :
jcngtodnjlcr.it
mneqmmunsee.us
xdryy.uk
awrobhtsxpmcro.tf
boapooihhqkthvm.de
gfyttdu.ru
dpirlysijsbyy.pm
whetujmpw.pm
POSTs files to a webserver :
POST /main.php HTTP/1.1
Host: 5.34.183.136
Sample : hxxp://bitmeyenkartusistanbul.com/system/logs/87h754/fXBvKHcBd.exe
Hosting Infos : http://whois.domaintools.com/92.242.144.2
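Both Locky entries above (the one with the /submit.php URLs and this one with the /main.php POST) show the same traffic shape: an HTTP POST to a bare IP address with a fixed script path. An added example, not code from the original posts: a small parser for captured HTTP request heads that flags that pattern and also hits on the domains listed in the two entries. The request samples are constructed (the first mirrors the capture quoted above, 192.0.2.10 is a documentation address); the label names are my own.

```python
import ipaddress
import re

# C2 paths seen in the two Locky entries above (added example; not the blog's own code).
LOCKY_C2_PATHS = {"/submit.php", "/main.php"}

# Domains copied from the two Locky entries above.
LOCKY_DOMAINS = {
    "eiqdfngoghledf.pw", "emijtrjhnrddoxr.org", "ofsrsykqd.pl", "whrilkltsrvggxsj.click",
    "fphnnnkaei.org", "ntdvwoousyc.pl", "kmarheql.info", "pobqrwoxltcy.pl", "eyetuesq.ru",
    "djxmxiahj.biz", "kdyoevbcxy.su", "ajqjdjblfdjti.work", "clsfnbwpekrxmcj.xyz",
    "qkpdsttc.pw", "ihxkjsgmloij.work", "rhiqtgs.info", "jbtnnvqkwakpitxk.pl", "awcweto.xyz",
    "jcngtodnjlcr.it", "mneqmmunsee.us", "xdryy.uk", "awrobhtsxpmcro.tf", "boapooihhqkthvm.de",
    "gfyttdu.ru", "dpirlysijsbyy.pm", "whetujmpw.pm",
}

REQUEST_LINE_RE = re.compile(r"^([A-Z]+)\s+(\S+)\s+HTTP/1\.[01]$")


def parse_request_head(raw):
    """Parse the request line and headers of a captured HTTP request.
    Returns (method, path, host) or None if the first line is not a request line."""
    lines = raw.strip().splitlines()
    if not lines:
        return None
    m = REQUEST_LINE_RE.match(lines[0].strip())
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return m.group(1), m.group(2), headers.get("host", "")


def is_bare_ipv4(host):
    """True when the Host header is a literal IPv4 address rather than a name."""
    try:
        return ipaddress.ip_address(host).version == 4
    except ValueError:
        return False


def classify_request(raw):
    """Label a captured request head with the strongest matching Locky indicator."""
    parsed = parse_request_head(raw)
    if parsed is None:
        return "unparsed"
    method, path, host = parsed
    host = host.split(":", 1)[0].lower()   # drop an explicit port
    path = path.split("?", 1)[0]            # ignore the query string
    if host in LOCKY_DOMAINS:
        return "known-locky-domain"
    if method == "POST" and is_bare_ipv4(host) and path in LOCKY_C2_PATHS:
        return "locky-c2-pattern"
    if method == "POST" and is_bare_ipv4(host):
        return "post-to-bare-ip"
    return "clean"


# Constructed sample request heads; the first mirrors the capture quoted in the entry above.
SAMPLE_REQUESTS = {
    "locky_main": "POST /main.php HTTP/1.1\r\nHost: 5.34.183.136\r\n"
                  "Content-Type: application/x-www-form-urlencoded\r\n",
    "locky_submit": "POST /submit.php?id=1 HTTP/1.1\r\nHost: 93.170.131.108:80\r\n",
    "domain_hit": "GET /a.php HTTP/1.1\r\nHost: awcweto.xyz\r\n",
    "other_bare_ip": "POST /upload HTTP/1.1\r\nHost: 192.0.2.10\r\n",
    "benign": "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_REQUESTS.items():
        print(f"{name:14s} -> {classify_request(raw)}")
```

The weaker "post-to-bare-ip" label is kept separate on purpose: a POST to a raw IP is unusual enough on a corporate network to be worth a look, but it is not on its own evidence of Locky, whereas the exact path on a bare IP matches what both entries show.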
zoreil.re (Dridex, Hosted in France, Carquefou, Ligne Web Services SARL)
Domains :
host.operateur.me 87.106.111.99
zoreil.re 91.216.107.229
Port : 1218 (TCP)
Sample here : hxxp://placidi.fr/1.exe
Hosting Infos : http://whois.domaintools.com/91.216.107.229