Month: April 2012

Bot hosted in France Paris Ovh Systems)

Samples are provided by this anonymous guy in this post. Resolved : [] To []. Control panel here; you need user:pass to log in. 2 exe samples are in this directory. ourbot.exe connects to port 8000 tcp. UPDATE: There is another domain name used by this file. Resolved : [] To [] here http

Bot hosted in Czech Republic Prague Casablanca Int)

This is one of the samples uploaded by our anonymous friend in this post. Resolved : [] To []. The control panel is here. Credit goes to the anonymous guy for providing samples. Hosting infos:

Miner malware hosted in Belgium Ict Ventures Bvba/sprl)

This is the second Belgian hoster found hosting malware, that’s not good lol. Again another great contribution from our anonymous friend, which I called malware because it uses infected machines to do what he does. The bitcoin miner is downloaded from here. It connects to svchost2.exe -o -u trap258_gwas -p himom 111 0 http

malware hosted in

This is another contribution from our anonymous friend. The sample here connects to to have access to this panel you need user:passwd here, feel free to brute it 🙂 From the VirusTotal scan the file testandro.exe appears to be FUD. There is another file downloaded which from the name looks like a rootkit.

hosted in Peru Datos)

Resolved : [] To []
C&C Server:
Server Password:
Username: wbunlkj
Nickname: n{DE|XPa}wbunlkj
Channel: #cpx (Password: nuifkr)
Channeltopic: :~pu 4ad089d45ca43ecc9d99e93215e03f6f ~s -o ~s
Downloaded url’s (
hosting infos:

hosted in Netherlands Amsterdam Ecatel Ltd)

Resolved : [] To []
Remote Host Port Number 9835
Local users: Current Local Users: 710 Max: 1954
Global users: Current Global Users: 710 Max: 1954
NICK {US|XPa|x86}cxtrpuo
USER {US|XPa|x86}cxtrpuo 0 0 :{US|XPa|x86}cxtrpuo
JOIN #new
JOIN #bull
Now talking in #new
Modes On: [ #new ] [ +sntl 75 ]
Joins: {DE|W7a|x86}hssdpli []
hosting bots hosted in Spain Madrid Ovh Systems)

The bot used by heckers:

<?
/*
 *
 * #crew@corp. since 2003
 * edited by: devil__ <>
 *
 * COMMANDS:
 *
 * .user <password> //login to the bot
 * .logout //logout of the bot
 * .die //kill the bot
 * .restart //restart the bot
 * .mail <to> <from> <subject> <msg> //send an email
 * .dns

hosted in Netherlands Amsterdam Snel Internet Services B.v)

Remote Host Port Number 6667
PASS nopw
NICK n{US|XPa}ubnrkxy
USER ubnrkxy 0 0 :ubnrkxy
PONG :92C7705D
JOIN #ngr# ngrBot
{NL|W7p}psvawzp) !v
Quits: {NL|W7p}psvawzp [net-217320@E4422491.8D3F578B.324BA75E.IP] (User has been permanently banned from Codeleak (gtfo.))

lol sniffers already in

The hecker running this net ( Boing * ~#ngr# #codeleak * :Codeleak’s IRC * is away (Playing

122mb samples for analysing purposes

This package contains 122mb of samples. Inside you have different IRC bot samples (insomnia, uncrypted), banking trojans, worms, etc. Only for analysing purposes.