Samples are provided from this anonymous guy in this post http://www.exposedbotnets.com/2012/04/img196-imageshackushttp-malware-hosted.html
Resolved : [queerbag.com] To [22.214.171.124]
Control panel here http://queerbag.com/jow1z/ u ned user:pass to login
2 exe samples are in this directory http://queerbag.com/bot/
ourbot.exe conects to port 8000 tcp
There is another domain name user from this file
Resolved : [ugnazi.com] To [126.96.36.199]
here u will find greeting from ugnazi group with adolf’s picture
ps ugnazi=uglynazi lol
Anonymous - April 30, 2012 at 12:46 am
rooted his server.
Anonymous - April 30, 2012 at 12:55 am
Anonymous - April 30, 2012 at 1:38 am
Keeping you up to date on the ircs of mystical.
Anonymous - April 30, 2012 at 2:28 am
Posting some weird http bot. Connects to http://liilli.in. Also seems to hammer google with blank http requests. Don't know why.
Other domain (exact same weird shit on it) http://tonkman.w2c.ru/
Anonymous - April 30, 2012 at 2:49 am
New ircbot jessieandthetoyboys.com.br/cc_aryan_4-27.exe
Connects to yaboyyoshi.info:5500 or 6969 pass: none #aryan# none
All this bitcoin mining. It's out of control
Anonymous - April 30, 2012 at 9:44 pm
Hey, i see that you are having fun with my andros and ircs lol :).
Pig - April 30, 2012 at 9:54 pm
sure u are helping alot and i apreciate your work and help
feel free to post here anything u find irc bot samples,http malwares,p2p worms etc
Anonymous - May 2, 2012 at 8:57 pm
Hey i though you would like to take a look at the new http bot on the market here is a bin of it have fun.
Pig - May 2, 2012 at 9:29 pm
sure i m checking this now lol
Pig - May 2, 2012 at 10:30 pm
what's the name of this http bot ?
i found files downloaded and fake google chrome installed in the system from this sample
Anonymous - August 11, 2012 at 10:02 am