31.31.77.195(lightaidra Router Botnet hosted in Czech Republic Hluboka Nad Vltavou Wedos Internet A.s.)

This bot infects routers
Credits to x00

31.31.77.195:5060

Current Local Users: 2528 Max: 2534
Current Global Users: 2528 Max: 2534

Now talking in #sc4n
Topic: .sc4n->random->b root admin
Topic: Set by [infected (unknown address)] at (Mon May 06 02:31:20 2013)
#sc4n x00 @Albert-Wesker @infected

  1. 400 linux bots
  2.  
  3. http://ircqk.nixhosting.org/conf/mel
  4.  
  5. x00@x00 /tmp $ file mel
  6. mel: ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
  7.  
  8. servers :
  9. 175.107.185.54:6667
  10. 199.195.193.101:6667
  11. irc.byroe.net:6667
  12.  
  13. hosted on a public irc server i see ๐Ÿ˜€
  14. i have some too lol
  15.  
  16. host lock
  17. *@johnnyknoxville.de
  18.  
  19.  
  20. payload
  21. http://ircqk.nixhosting.org/conf/getbinaries.sh
  22.  
  23. chann +k
  24. #knoxnet r0lling
  25.  
  26.  
  27. [02:18] * Now talking in #knoxnet
  28. [02:18] [ยค] Topic: .advscan->random root admin
  29. [02:18] [ยค] Topic: Set by [knoxville (unknown address)] at (Thu Mar 21 10:24:14 2013)
  30. [02:18] โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”โ€”

hosting infos:
http://whois.domaintools.com/31.31.77.195

Categories: Uncategorized