74.121.150.39 (WordPress brute forcing botnet hosted by it7.net)

By I_Post_Ur_Info, August 21, 2013

Server: 74.121.150.39
Port: 22503 (note, this is not irc based)

This is one of the various botnets attempting to bruteforce wordpress blogs. It works pretty fast, during a short run on the malwr.com sandbox it attempted to login to 981 different blogs, all with domains starting with exp.
Since malwr.com only allows the sample uploader to download the pcap file, I’ve uploaded it here:
http://www.sendspace.com/file/pjks1z
http://rghost.net/48283874

Hosting infos: http://whois.domaintools.com/74.121.150.39

Related md5s (Search on malwr.com to download the samples)
Brute bot: fa06bddf0e5fc62a487bc38399d347ed

Categories: Uncategorized

Tags: wordpress brute

Previous postns1.androha.com (Andromeda http botnet hosted by namecheap.com)

Next postirc.tskiller.com (Athena irc botnet hosted by scopehosts.com)

1 Comment

Anonymous - August 22, 2013 at 12:24 am

Pretty cool bot. Better than the usual athena beta shit seen around here. Never really come across these often.

cureit.pw (WordPress bruting botnet hosted by firstvds.ru)

google-analytics.pw (WordPress bruting botnet hosted by intermedia.md)

1 Comment

Anonymous - August 22, 2013 at 12:24 am

Comments are closed