Friday 1 February 2013

64.85.233.8

bl4kj.zapto.org - astound-64-85-233-8.ca.astound.net - 64.85.233.8
http://vxvault.siri-urz.net/ViriList.php?s=0&m=40&IP=64.85.233.8
http://malwaredb.malekal.com/index.php?domaine=64.85.233.8
http://www.phishtank.com/phish_detail.php?phish_id=1718067

Malware lists:
http://pastebin.com/rp9u4Bzd
Found also my 'ransom unlocker' php, SpyEye loader and a folder named 'Xylibot' with some malicious php...
I don't know who you are but:


Finally started to use my Raspberry Pi.

3 comments:

  1. m not a crefitcard thief or blackhat, im in-between since I break bad servers and hijack their nets and delete bots. Everything I download is to test and disasemble. Normally, port 80 is not forwarded but I changed it a while ago and forgot to remove it.

    I managed to copy a new blackhole2.1 panel and smokeloader2.0 panel (or something newer than the crappy one I disclosed the sql injection in) right before you helpfully chmod 777 my box. There was cridex and styxx on there as well but I couldnt get them. I'll upload the other two to openws.sc

    And the folder named xylibox was for samples I found through this blog.

    ReplyDelete
  2. aww, i'm so sorry i tought you was a kid who try to infect people with everything he got in hands.
    i still wonder how you appeared on malware trackers..?!

    ReplyDelete
  3. there's a few possibilites for that. I did test some samples for project at work between our servers, hosting the files on our website (ot-ocn.com) temporarily and on our korean counterparts. A host I owned was hijacked recently and login changed. This was before smoke had a cracked builder and I had already found the sqli in the guest panel and pissed the same russian "hecker" off. But I think the of botnets and mice blog was the first, dunno. But some good came of it! I found a login bypass for pony and stealer log disclosure on citadel yesterday against the same group (they were on galokimannos.com until now) that was using my old domain name. I'm pretty impressed with the constant flux in bots they have --between 100-5000 depending on the day, almost all russian and ukrainian xp workstations.

    Oh, not to mention this :p

    http://vxvault.siri-urz.net/ViriList.php?s=2=&m='1

    ReplyDelete