Thanks to Xylitol for sending me the first sample and helping to find more about this botnet. The net is probably more than 100k bots and you can't connect via mIRC; I don't know if you can with HexChat. But here we are: this time snk protected this bot with Steganos Live Encryption Engine. snk...
trik.su (Snk aspermod irc botnet hosted by midphase.com)
Resolved trik.su to 174.127.123.4
Server: trik.su
Port: 5050
Channel: #trk
#trk :.j #upd .u trk2 /120/126/99/107/25/61/37/112/72/120/110/67/113/123/122/115/35/64/118/114/35/123/85/74/78/111/125/83/8/55/46/39/32/63/42/55/63/35/44/11/42/38/32/37/120/110/121/
Channel: #upd
#upd :.u trk2 /120/126/99/107/25/61/37/103/86/99/120/83/100/118/123/98/98/13/108/108/35/123/85/74/15/107/97/69/
Hosting info: http://whois.domaintools.com/174.127.123.4
Related md5s (Download samples from Malwr.com)
Aspermod: 1f876d3830527f22f84205069695d3d2
botbox.su (Snk Aspermod irc botnet hosted by scopehosts.com)
Resolved botbox.su to 95.211.187.5
Server: boxbot.su
Port: 5050
Channel: #spm
#spm :.s.a /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/107/97/8/67/102/120/ /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/ 481 408w4wf058939393020384493ds
Hosting infos: http://whois.domaintools.com/95.211.187.5
Related md5s (Search on Malwr.com to download samples)
Aspermod: a61efce0696000bc4f2ee3791918b02d
spambox.su (snk aspermod irc botnet hosted by Cityline Ltd)
Resolved spambox.su to 95.215.70.66
Server: spambox.su
Port: 5050
Channel: #b600
Now talking on #b600
Topic for #b600 is: .j #sending
Topic for #b600 set by x (Sat Aug 10 05:38:20 2013)
Hosting infos: http://whois.domaintools.com/95.215.70.66
Related md5s (search on malwr.com to download samples):
Asper mod b1abf1aaa62115c53184e34190aa114e
srv1.su (Betabot http botnet hosted by softronics.ch)
Resolved srv1.su to 94.242.198.65
Server: srv1.su
Gate file: /b/order.php
Everyone should congratulate snk, who has taken his first baby steps into the 21st century by using an HTTP bot. Unfortunately for him he chose to use the l33t Hackforums bot Betabot with a 1mb stub Autoit crypter, but I guess he can only manage to...
92.243.77.139 (Pony loader hosted by infobox.ru)
Server: 92.243.77.139
Gate file: /Panel/gate.php
Related md5s (search on malwr.com to download the samples): 160419b4c5f8415b41fb23e99be12b19
Hosting infos: http://whois.domaintools.com/92.243.77.139
srv1.su (snk’s botnet hosted in Luxembourg Steinsel Root Sa)
The bot is downloaded by this AutoIt sample: hxxp://sglegacy.com/AA/dava.exe, which looks like an HTTP AutoIt downloader.
Login here: hxxp://www.sglegacy.com/AA/index.php/login
Another sample downloaded from the dava.exe is this: hxxp://la-majeur.com/images/beta.exe (Betabot)
Here is dava.exe decompiled:
$at2 = "0"
$at5 = 0
$at1 = "0"
$at3 = "0"
$avm = "0"
$asb = "0"
$at4 = "0"
#NoTrayIcon
#Region
#AutoIt3Wrapper_UseUpx=n...
srv5.su (snk asper mod irc botnet hosted by softronics.ch)
Resolved srv5.su to 94.242.198.64
Server: srv5.su
Port: 5050
Channel: #ok
#ok :.j #spr .j #lock .j #spam
#ok :.d p /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/127/114/105/119/81/50/105/98/117/
Downloads hxxp://94.242.198.64/4/smart.exe
Channel: #spr
#spr :.d x /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/127/111/122/100/11/121/116/127/
Downloads hxxp://94.242.198.64/4/spra.exe
Channel: #lock
#lock :.d l /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/96/112/107/110/11/121/116/127/
Downloads hxxp://94.242.198.64/4/lock.exe (winlocker)
Channel: #spam
#spam :.s.a /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/111/119/109/102/78/50/105/98/117/ /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/57/48/ 49 meeisodf
Alternate domain: srv50.su
Hosting infos: http://whois.domaintools.com/94.242.198.64
x01bkr2.biz (snk asper mod irc botnet hosted by buyurl.net, alibabahost.com)
Resolved x01bkr2.biz to 94.242.237.128, 37.221.170.208
Server: x01bkr2.biz
Port: 4723
Channel: #o.O
Topic for #o.O is: .dl hxxp://www.mediafire.com/download.php?dqr1p0wz8tpz9tz | .dl hxxp://www.mediafire.com/download.php?uqqhg3equchc7bd
Topic for #o.O set by SpliT at Sat Apr 27 17:57:29 2013
The Skype spreader downloads messages from hxxp://waxortraxe.org/icon.jpg
Alternate domains: zr0x1b9.biz xkzykxb.biz xeyaz.biz
Hosting infos: http://whois.domaintools.com/94.242.237.128
Hosting infos: http://whois.domaintools.com/37.221.170.208
EDIT: snk is now desperately...
x1x4x0.su (snk asper mod irc botnet hosted by oneandone.net)
Server: x1x4x0.su (alternate domain phorpiex.su)
Port: 5050
Channel: #b
Topic for #b is: .j #m .d /100/97/111/124/49/59/47/96/100/124/114/74/123/122/46/115/125/109/49/117/108/63/39/53/40/48/51/16/45/62/35/63/69/107/55/34/37/35/17/44/83/85/100/110/108/61/108/114/122/10/73/102/97/114/
Topic for #b set by x at Mon Mar 11 12:15:31 2013
Topic for #m is: .s.a /100/97/111/124/49/59/47/58/58/63/58/18/33/47/46/34/35/51/48/34/53/63/102/121/115/105/43/64/100/105/ /100/97/111/124/49/59/47/58/58/63/58/18/33/47/46/34/35/51/48/34/53/63/ 327 pul4rn0t
Topic for #m set by x at Mon Mar 11 12:15:41 2013
Channel: #i
Sample: hxxp://217.160.213.35/pula.exe
Hosting infos: ...