46.166.162.130 (ngrBot hosted in Bulgaria Santrex Internet Services Ltd.)

Info is from our anonymous friend: http://www.exposedbotnets.com/2012/05/insomniaincorporatedhostinginfoinsomnia.html

C&C Server: 46.166.162.130:1993
Server Password:
Username: lvkkqub
Nickname: n{DE|XPa}lvkkqub
Channel: #ngrs (Password: scrt)
Channeltopic: :
Now talking in #ngrs
Topic On: [ #ngrs ] [ ]
Topic By: [ null ]

Resolved : [dk1.zapto.org] To [109.169.61.117]
dk1.zapto.org:6667
channel #bots
owner of this is iDDoS@pie69 he’s using no-ip for

vps33.max-vps.net (Insomnia Bot hosted in France Ovh Systems)

Resolved : [vps33.max-vps.net] To [178.33.88.93]
Clients: I have 570 clients and 0 servers
Local users: Current Local Users: 570 Max: 1666
Global users: Current Global Users: 570 Max: 1345
IRC Server HOST, PORT: vps33.max-vps.net 8745
channel: #insomnia
Insomnia exe: http://uppit.com/oovmmjteut38/irc.rar
This is another contribution from an anonymous guy; all credits go to him.
Pass: infected hosting

87mb malware samples

This package contains IRC bots, banking trojans, Linux shells-bots, coin miners, etc. Have fun exploring them.

x0r.xxxisniperixxx.cn (ngrBot hosted in United States New York City Digital Ocean)

Resolved : [x0r.xxxisniperixxx.cn] To [69.55.55.149]
Remote Host Port Number
x0r.xxxisniperixxx.cn 51987
PASS Virus
NICK VirUs-qkrcdlij.
USER VirUs “” “vxs” : Coded By AhmedRamzey@Hotmail.Com
Clients: I have 576 clients and 0 servers
Local users: Current Local Users: 576 Max: 691
Global users: Current Global Users: 576 Max: 691
Join #Aryan
hosting infos: http://whois.domaintools.com/69.55.55.149

aaa1adasadasda444.net (Andromeda Bot hosted in Czech Republic Prague Casablanca Int)

Resolved : [aaa1adasadasda444.net] To [217.11.251.173]

Traffic – by DNS
4 domain found
Country  Domain                   IP
CZ       aaa1adasadasda444.net    217.11.251.173
CZ       aaa1kjsadhasiodo.com     217.11.251.173
CZ       aaa1lilililili.com       217.11.251.173
CZ       aaa1skjadsdaskld.net     217.11.251.173

Traffic – by URL
4 outbound URL connection found
URL
aaa1adasadasda444.net/admin/image.php
aaa1kjsadhasiodo.com/admin/image.php
aaa1lilililili.com/admin/image.php
aaa1skjadsdaskld.net/admin/image.php

Strings from executable:
Processes:
PID   ParentPID  User          Path
————————————————–
3324  3144       xxxx-xxx:xxx  C:\WINDOWS\system32\wuauclt.exe
Ports:

j.rania-style.com (ngrBot hosted in China Beijing Chinanet Hunan Province Network)

3 domains are used to control bots:
j.rania-style.com active
j.symtec.us not active
j.idolmovies.com not active

Resolved : [j.rania-style.com] To [175.6.1.159]
Resolved : [j.rania-style.com] To [122.226.202.221]
Resolved : [j.rania-style.com] To [117.21.224.29]
Resolved : [j.rania-style.com] To [121.61.118.106]

C&C server:
j.rania-style.com:1888
j.rania-style.com:6971

Traffic – by DNS
14 domain found
Country  Domain                                  IP
US       113890url.displayadfeed.com             66.45.56.124
US       myvideos.stream-free-movies-online.com  66.45.56.124