110Mb Malware Samples

Included in this package phoenix bot sample,autumn bot,ngrbot et diferent trojans bankers passwd stealers etc have fun Download: http://adf.ly/2yECh

91.121.204.203(ngrBot hosted in France Ovh Systems)

Remote Host Port Number 199.15.234.7 80 83.233.33.6 80 91.121.204.203 7475 PASS secret NICK n{US|XPa}evnyvvc USER evnyvvc 0 0 :evnyvvc PONG :80096D0 JOIN ##n secret PRIVMSG ##n :[DNS]: Blocked 1310 domain(s) – Redirected 0 domain(s) hosting infos: http://whois.domaintools.com/91.121.204.203

salihweb.netirc botnet hosted in United Kingdom Redstation Limited)

Remote Host Port Number 199.15.234.7 80 31.3.224.246 7777 PASS secret 31.3.224.246 3030 PASS secret NICK New{US-XP-x86}4665444 USER 4665444 “” “4665444” :4665444 MODE New{US-XP-x86}4665444 +iMm JOIN #secret secret PONG :irc.priv8net.com hosting infos: http://whois.domaintools.com/31.3.224.246

199.167.193.215(ngrBot hosted in United States Yonkers Webrulon Llc)

Remote Host Port Number 199.15.234.7 80 199.167.193.215 6567 PASS hell16 Clients: I have 453 clients and 0 servers Local users: Current Local Users: 453 Max: 1014 Global users: Current Global Users: 453 Max: 1002 NICK n{US|XPa}hkdmmjt USER hkdmmjt 0 0 :hkdmmjt JOIN #cont ngrBot hosting infos: http://whois.domaintools.com/199.167.193.215

irc.hackt.org(Aryan bot hosted in United States Douglas 123systems Solutions)

irc.hackt.org DNS_TYPE_A 64.31.25.127 64.31.25.127:6667 Nick: [AUT|629128] Username: 9857 Joined Channel: #aryan Private Message to Channel #aryan: “.die” Private Message to Channel #aryan: “haha” Private Message to Channel #aryan: “.remove” Private Message to Channel #aryan: “dat not mine” Private Message to Channel #aryan: “hi” Private Message to Channel #aryan: “get outa hur” Private Message to Channel

61.31.99.67(irc botnet hosted in Taiwan Taipei Taiwan Fixed Network Co. Ltd)

Remote Host Port Number 199.15.234.7 80 63.223.121.212 80 85.214.46.98 80 61.31.99.67 1863 61.31.99.67 4042 NICK new[USA|XP|COMPUTERNAME]ncsrmcq USER xd “” “lol” :xd JOIN #newbiz# PONG 422 * The data identified by the following URLs was then requested from the remote web server: o http://api.wipmania.com/ o http://www.4freeimagehost.com/uploads/a8dfab5dd1c0.jpg o http://85.214.46.98/test/new.exe o http://85.214.46.98/test/biz.exe hosting infos: http://whois.domaintools.com/61.31.99.67

31.3.254.125(irc botnet hosted in United Kingdom Redstation Limited)

Remote Host Port Number 31.3.254.125 6667 NICK new[iRooT-XP-USA]049101 USER 0491 “” “TsGh” :0491 JOIN #abece WTF PRIVMSG #abece : 04[P2P Spread]: 09Injecting into P2P Shared Folders… PONG :HTTP1.4 hosting infos: http://whois.domaintools.com/31.3.254.125

219.98.181.47(ngrBot hosted in Japan Tokyo So-net Service)

Remote Host Port Number 199.15.234.7 80 83.233.33.6 80 219.98.181.47 4244 PASS stark PRIVMSG #Nh :[DNS]: Blocked 1310 domain(s) – Redirected 0 domain(s) NICK n{US|XPa}riqmriq USER riqmriq 0 0 :riqmriq JOIN #Nh NhG PRIVMSG #nh :[HTTP]: Updated HTTP spread interval to “3” PRIVMSG #nh :[HTTP]: Updated HTTP spread message to “Estas foto es tuyo? 😀 http://ho.io/p8zn?=www.facebook.com/profile/4373748”