(WordPress brute forcing botnet hosted by it7.net)

Port:  22503 (note, this is not irc based)

This is one of the various botnets attempting to bruteforce wordpress blogs. It works pretty fast, during a short run on the malwr.com sandbox it attempted to login to 981 different blogs, all with domains starting with exp.
Since malwr.com only allows the sample uploader to download the pcap file, I’ve uploaded it here:

Hosting infos: http://whois.domaintools.com/

Related md5s (Search on malwr.com to download the samples)
Brute bot: fa06bddf0e5fc62a487bc38399d347ed

Categories: Uncategorized

1 Comment

Anonymous - August 22, 2013 at 12:24 am

Pretty cool bot. Better than the usual athena beta shit seen around here. Never really come across these often.

Comments are closed