This package has a lot of IRC bot samples, banking trojans and Linux bots. Samples are provided only for analysis purposes; don't run them on your machine, use VMware.
188.190.126.79 (Silence 5 Winlocker hosted by infiumhost.com)
Server: 188.190.126.79
Gate file: /~rotten/lock1/picture.php
First time I’ve seen someone use silence winlocker since the cracked multilocker was released.
Hosting infos: http://whois.domaintools.com/188.190.126.79
hfgfr56745fg.com (Betabot http botnet hosted by ecatel.net)
Resolved hfgfr56745fg.com to 80.82.66.204
Server: hfgfr56745fg.com
Gate file: /rem/order.php
Brian Krebs on the login page. It still crashes Skype. Sample here. A previous version of the bot was posted here.
Hosting infos: http://whois.domaintools.com/80.82.66.204
lolwutirc.crabdance.com (Insomnia irc botnet hosted by rh.com.tr)
Resolved lolwutirc.crabdance.com to 176.53.26.205
Server: lolwutirc.crabdance.com
Port: 6667
Channel: #bot123
Oper:
[KyleFYI] (KyleFYI@Kyle123irc): …
[KyleFYI] #bot123
[KyleFYI] irc.localhost.com :bytestyle symmetry
[KyleFYI] is a Network Administrator
[KyleFYI] is available for help.
Hosting infos: http://whois.domaintools.com/176.53.26.205
filehelp.us (Various irc bots hosted by securedservers.com)
Resolved filehelp.us to 184.95.37.155
Athena
Server: filehelp.us
Port: 7200
Channel: #Athena
Insomnia
Server: filehelp.us
Port: 4242
Channel: #insomnia
Channel password: k6geyzs
Dixie bot
Server: filehelp.us
Port: 4242
Channel: #DDoS#
hxxp://filehelp.us/Panel/gate.php
aryan bot
184.95.37.155:5557
Server Password:
Username: 5644413
Nickname: New{DE-XP-x86}5644413
Channel: #aryan (Password: k6geyzs)
Channeltopic: :.dl hxxp://filehelp.us/upload/files/bin.exe 1
Other samples here hxxp://filehelp.us/upload/
Opers are Vapor and ...
webingenial.com (ngrBot irc botnet hosted by hosting.ua)
Resolved webingenial.com to 178.86.13.79
Server: webingenial.com
Port: 1865
Channel: #main
Channel password: 4m3r1k4
Topic for #main is: .m on .mdns http://interactua.edu30.com/php.txt
Topic for #main set by fuckoff at Thu Feb 07 10:32:31 2013
php.txt
www.banamex.com 189.135.14.1
www.banamex.com.mx 189.135.14.1
banamex.com 189.135.14.1
banamex.com.mx 189.135.14.1
bancanet.boveda.banamex.com.mx 189.135.14.1
boveda.banamex.com.mx 189.135.14.1
www.bancanetempresarial.banamex.com.mx 189.135.14.1
Looks like he’s pharming for Mexican ...
fbicomputerservices.com (Multilocker 3 winlocker hosted by altushost.com)
Resolved fbicomputerservices.com to 37.46.125.111
Server: fbicomputerservices.com
Gate file: /panel/mplock/lending/tds.php
I’ve posted a winlocker on this ip before. Looks like he got a new domain and switched the directories up a bit.
http://whois.domaintools.com/37.46.125.111
mom003.net (ngrBot irc botnet hosted by Serverius.com)
Resolved mom003.net to 185.12.14.102, 74.119.216.199
Server: mom003.net (other domains: mom002.net, mom004.net)
Port: 1887
Server password: speedd
Channel: #bon2
Channel password: speedd
Topic for #xp is: ~dw hxxp://www.sendspace.com/pro/dl/1wzt65 e6bd0bd11484b27ca4f162421a4d423b ~dw hxxp://www.sendspace.com/pro/dl/a3he3l 3c2df1fd533d955c462faaaef03bab02
Topic for #xp set by google at Tue Feb 05 11:49:09 2013
Bots also join #XP, #W7 or #VIS depending on their operating system.
filestorage.ws (37.221.170.221) (Athena irc botnet hosted by voxility.net)
Resolved filestorage.ws to 157.101.50.101 => Athena l33t ip decryption => 37.221.170.221
Athena now comes with a tool to crypt the server ip so that the address the domain points to is not the correct one. A disgruntled customer has already released the crypting program so anyone who doesn’t have access to a binary can try ...
olikdfg12.net (Paradise ddos botnet hosted by webtropia.com)
Resolved olikdfg12.net to 5.104.106.181
Server: olikdfg12.net
Gate file: /poloki/bfg.php
This is another ddos bot that has been attacking from the virustotal sandbox.
Hosting infos: http://whois.domaintools.com/5.104.106.181