hosted in Bulgaria Santrex Internet Services Ltd.)

Infos are from our anonymous friend http://www.exposedbotnets.com/2012/05/insomniaincorporatedhostinginfoinsomnia.html C&C Server: Server Password: Username: lvkkqub Nickname: n{DE|XPa}lvkkqub Channel: #ngrs (Password: scrt) Channeltopic: : Now talking in #ngrs Topic On: [ #ngrs ] [ ] Topic By: [ null ] Resolved : [dk1.zapto.org] To [] dk1.zapto.org:6667 channel #bots owner of this is iDDoS@pie69 he’s using no-ip for

vps33.max-vps.net(Insomnia Bot hosted in France Ovh Systems)

Resolved : [vps33.max-vps.net] To 13[] Clients: I have 570 clients and 0 servers Local users: Current Local Users: 570 Max: 1666 Global users: Current Global Users: 570 Max: 1345 IRC Server HOST, PORT: vps33.max-vps.net 8745 channel: #insomnia Insomnia exe: http://uppit.com/oovmmjteut38/irc.rar this is another contribution from anonymous guy all credits go to him Pass: infected hosting

87mb malware samples

This package contains irc bots,banking trojans,linux shells-bots,coin miners etc have fun exploring them Download Download

x0r.xxxisniperixxx.cn(ngrBot hosted in United States New York City Digital Ocean)

Resolved : [x0r.xxxisniperixxx.cn] To [] Remote Host Port Number x0r.xxxisniperixxx.cn 51987 PASS Virus NICK VirUs-qkrcdlij. USER VirUs “” “vxs” : .8,1..8Coded .4By .8AhmedRamzey@Hotmail.Com Clients: I have 576 clients and 0 servers Local users: Current Local Users: 576 Max: 691 Global users: Current Global Users: 576 Max: 691 Join #Aryan hosting infos: http://whois.domaintools.com/

aaa1adasadasda444.net(Andromeda Bot hosted in Czech Republic Prague Casablanca Int)

Resolved : [aaa1adasadasda444.net] To [] Traffic – by DNS 4 domain found Country Domain IP CZ aaa1adasadasda444.net CZ aaa1kjsadhasiodo.com CZ aaa1lilililili.com CZ aaa1skjadsdaskld.net Traffic – by URL 4 outbound URL connection found URL aaa1adasadasda444.net/admin/image.php aaa1kjsadhasiodo.com/admin/image.php aaa1lilililili.com/admin/image.php aaa1skjadsdaskld.net/admin/image.php Strings from executable: Processes: PID ParentPID User Path ————————————————– 3324 3144 xxxx-xxx:xxx C:WINDOWSsystem32wuauclt.exe Ports:

j.rania-style.com(ngrBot hosted in China Beijing Chinanet Hunan Province Network)

3 domains are used to control bots: j.rania-style.com active j.symtec.us not active j.idolmovies.com not active Resolved : [j.rania-style.com] To [] Resolved : [j.rania-style.com] To [] Resolved : [j.rania-style.com] To [] Resolved : [j.rania-style.com] To [] C&C server: j.rania-style.com:1888 j.rania-style.com:6971 Traffic – by DNS 14 domain found Country Domain IP US 113890url.displayadfeed.com US myvideos.stream-free-movies-online.com