Month: September 2013

88.39 MB of samples

Another package with different samples for analysis purposes. Have fun. Samples

103.241.0.100 (Citadel 1.3.5.1 hosted in Net Origin Group Pty Ltd)

Found by justaguy, Belgian pig farmer lol.
Install directory: hxxp://103.241.0.100/images/gallery/install/
Gate: hxxp://103.241.0.100/images/gallery/gate.php
Sample: here
Hosting infos: http://whois.domaintools.com/103.241.0.100

213.133.111.10 (Ransomware hosted in Nuremberg, Germany, by Hetzner Online AG)

Here you can see the page where you are asked to pay via paysafecard for your illegal activities lol: http://213.133.111.10/panel/landing/gate.php
A lot of directories are not protected, so you can search for more.
Sample: here
Hosting infos: http://whois.domaintools.com/213.133.111.10

www.paloshke.org (Solar http botnet hosted by ghandi.net)

Resolved www.paloshke.org to 46.226.108.231
Server: www.paloshke.org
Gate file: /index.php
Alternate domains: www.bkcn.su, www.cahlr.com, www.rahmea.org, www.businet.su, www.oscdfg.org, www.monero.org, www.webres.su, www.uwtriv.com, www.zmvnue.org, www.oreape.com, www.xnighs.su, www.dvmnib.com, www.itmcff.org, www.akwrzv.com, www.ivmqzc.org, www.duvema.com, www.mtwogp.org, www.hielah.com, www.apdekt.org
Mining infos (cpuminer-style command line; -a scrypt selects the scrypt algorithm used by Litecoin-family coins rather than Bitcoin's SHA-256, and the pool is reached on port 443 so it blends in with HTTPS): -a scrypt -s 20 --no-longpoll -q -o www2.oskefi.org:443 -u anonymous.1 -p -x
Hosting infos: http://whois.domaintools.com/46.226.108.231
Related md5s (Solar): eafe8ed59f752d7ae8240f3cdbc698f6

cmeef.info (Solar http botnet hosted by ecatel.net)

Resolved cmeef.info to 93.174.94.64
Server: cmeef.info
Gate file: /e6ct/index.php
Hosting infos: http://whois.domaintools.com/93.174.94.64
Related md5s (search on Malwr.com to download samples), Solar: 61fd4c9405e168557ab279c86131634b

kasvatus.org (Solar http botnet hosted by hetzner.de)

Resolved kasvatus.org to 176.9.36.18
Server: kasvatus.org
Gate file: /solar/index.php
Thanks to Xylitol for a link to the sample.
Hosting infos: http://whois.domaintools.com/176.9.36.18
Related md5s (search on Malwr.com to download samples), Solar: 946c4683c72f59558d9a211a8d8971cc

haveityourway.pw (betabot http botnet hosted by Alibabahost.com)

Resolved haveityourway.pw to 103.31.187.77
Server: haveityourway.pw
Gate file: /members/order.php
Alternate domains (currently not registered): thebestway42.pw, itsoktohaveityourway.com, losmejoresburgers1.com
The first domain was only registered yesterday.
Hosting infos: http://whois.domaintools.com/103.31.187.77
Related md5s (search on Malwr.com to download samples), Betabot: 3b0907c7bf881f8f5f9fa2190384d3dd
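The gate paths and resolved IPs listed on this page are most useful when turned into a detection that can be run over outbound web traffic, since the hostnames rotate (see the alternate-domain lists) while the gate path and hosting IP tend to stay put. The following is an added example, not code from the original post: the indicator table is transcribed from the entries on this page (including the betabot 1.5 entry that follows), the proxy log format (timestamp, client IP, method, URL) is an assumption, and the log lines are constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Match outbound web-proxy requests against the C2 gate URLs on this page.

Added example (not from the original post). The indicator table below is
transcribed from the entries on this page; the log format (timestamp,
client IP, method, URL) is an assumption, and the log lines are constructed
for the demonstration, not real traffic.
"""
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Gate:
    family: str
    hosts: frozenset  # hostnames and resolved IPs seen for this C2
    path: str         # gate path, matched as a prefix so query strings still hit


# Indicators transcribed from the entries above (the post defangs http as hxxp).
GATES = [
    Gate("Citadel 1.3.5.1", frozenset({"103.241.0.100"}), "/images/gallery/gate.php"),
    Gate("Ransomware", frozenset({"213.133.111.10"}), "/panel/landing/gate.php"),
    Gate("Solar", frozenset({"www.paloshke.org", "46.226.108.231"}), "/index.php"),
    Gate("Solar", frozenset({"cmeef.info", "93.174.94.64"}), "/e6ct/index.php"),
    Gate("Solar", frozenset({"kasvatus.org", "176.9.36.18"}), "/solar/index.php"),
    Gate("Betabot", frozenset({"haveityourway.pw", "103.31.187.77"}), "/members/order.php"),
    Gate("Betabot 1.5", frozenset({"n18b7273u1j.in", "b19jdn167t.in", "217.23.3.102"}),
         "/M_jsh1/order.php"),
]


def match_gate(url, gates=GATES):
    """Return the Gate a requested URL hits, or None.

    Host comparison is case-insensitive and ignores any :port suffix; the
    path is compared as a prefix so '/index.php?id=1' still matches
    '/index.php'. Host and path are always checked together: a generic
    path such as '/index.php' is only an indicator on the listed hosts.
    """
    u = urlparse(url)
    host = (u.hostname or "").lower()
    path = u.path or "/"
    for g in gates:
        if host in g.hosts and path.startswith(g.path):
            return g
    return None


def parse_log_line(line):
    """Parse the assumed 'timestamp client method url' line format."""
    ts, client, method, url = line.split(None, 3)
    return {"ts": ts, "client": client, "method": method, "url": url.strip()}


def scan(lines, gates=GATES):
    """Return (client, family, url) for every request that hits a known gate."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_log_line(line)
        g = match_gate(rec["url"], gates)
        if g is not None:
            hits.append((rec["client"], g.family, rec["url"]))
    return hits


# Constructed sample log lines for the demonstration (not real traffic).
SAMPLE_LOG = """\
2013-09-12T10:01:03Z 10.0.0.21 POST http://kasvatus.org/solar/index.php
2013-09-12T10:01:07Z 10.0.0.21 GET  http://www.example.com/index.php
2013-09-12T10:02:11Z 10.0.0.44 POST http://217.23.3.102/M_jsh1/order.php?id=2
2013-09-12T10:02:40Z 10.0.0.44 GET  http://kasvatus.org/images/logo.png
2013-09-12T10:03:02Z 10.0.0.9  POST http://103.241.0.100:80/images/gallery/gate.php
""".splitlines()


if __name__ == "__main__":
    for client, family, url in scan(SAMPLE_LOG):
        print(f"{client} -> {family}: {url}")
```

Keeping the resolved IP alongside each hostname is what catches the second betabot request above, which goes straight to 217.23.3.102 with a domain the page never listed. The trade-off is that a shared hosting IP can carry unrelated sites, which is why the match requires the gate path as well and not just the address.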

n18b7273u1j.in (Betabot http botnet hosted by worldstream.nl)

Resolved n18b7273u1j.in to 217.23.3.102
Server: n18b7273u1j.in
Gate file: /M_jsh1/order.php
Alternate domains: b19jdn167t.in
This is betabot version 1.5. This is the second betabot 1.5 botnet I have found, but the other one was just a different path on an already posted botnet, so it wasn't worth a new post. You may note that the domains used