74.121.150.39 (WordPress brute forcing botnet hosted by it7.net)

Server:  74.121.150.39
Port:  22503 (note, this is not irc based)

This is one of the various botnets attempting to bruteforce wordpress blogs. It works pretty fast, during a short run on the malwr.com sandbox it attempted to login to 981 different blogs, all with domains starting with exp.
Since malwr.com only allows the sample uploader to download the pcap file, I’ve uploaded it here:
http://www.sendspace.com/file/pjks1z
http://rghost.net/48283874

Hosting infos: http://whois.domaintools.com/74.121.150.39

Related md5s (Search on malwr.com to download the samples)
Brute bot: fa06bddf0e5fc62a487bc38399d347ed