Resolved boot.sx to 109.236.80.74
Server: boot.sx
Gate file: /g4sg/order.php
Alternate domain: illuminati.sx
This betabot is quite interesting due to the bizarre crypter it uses. The crypter starts with a WinRAR SFX archive. This dumps its contents in the user's temp folder and starts the next layer, a VBS script. The VBS script runs an AutoIT…
fapncam.com (betabot hosted by Digitalocean.com)
Resolved fapncam.com to 192.81.216.12
Server: fapncam.com
Gate file: /beta/order.php
Alternate domains: update-silo.com, proxypool.info, frizzcams.com
Hosting info: http://whois.domaintools.com/192.81.216.12
Related md5 (Download sample from Malwr.com)
Betabot: 52435233bd228dfffc2a2c7e001f66c8
meziamussucemaqueue.su (Betabot http botnet hosted by sunnyvision.com)
Resolved meziamussucemaqueue.su to 124.248.205.104
Server: meziamussucemaqueue.su
Gate file: /phpmiadmin/order.php
Alternate domain: umbxd15896.su
Bitcoin mining info: -o http://ypool.net:8080 -u Teolous.PTS_1 -p x
Hosting info: http://whois.domaintools.com/124.248.205.104
Related md5s (Download sample from Malwr.com)
Betabot: 670fa0a15754e1d67810eea73e890dad
Bitcoin miner: e1aed5a5d729d37efca73602d8bc66e9
Bitcoin miner 2: a92403926113dd4b3a4d3e4c48eace66
EDIT: new mining info: stratum+tcp://pool.d2.cc:3335 -u Hanito.bot -p 3fcua4
frineon.su (Smoke loader hosted by fastflux botnet)
Server: frineon.su
Gate file: /forum/index.php
Hosting info:
;; QUESTION SECTION:
;frineon.su. IN A
;; ANSWER SECTION:
frineon.su. 150 IN A 91.188.52.67
frineon.su. 150 IN A 212.92.228.65
frineon.su. 150 IN A 109.200.244.121
frineon.su. 150 IN A 76.66.174.231
frineon.su. 150 IN A 98.218.49.187
frineon.su. 150 IN A 72.185.70.143
frineon.su. 150 IN A 72.185.199.204
frineon.su. 150 IN A…
ajw555.myjino.ru (Madness DDOS botnet hosted by avguro.com)
Resolved ajw555.myjino.ru to 81.177.141.241
Server: ajw555.myjino.ru
Gate file: /index.php
This is the same domain as the previous Madness botnet.
Hosting info: http://whois.domaintools.com/81.177.141.241
Related md5s (Download sample from Malwr.com)
Madness: c45034111810d1a56ba6b72acc63bdf5
dorblu99.net (WordPress bruteforcing botnet hosted by hetzner.de)
Resolved dorblu99.net to 88.198.17.49
Server: dorblu99.net
Gate file: /cmd.php
Hosting info: http://whois.domaintools.com/88.198.17.49
Related md5s (Download sample from Malwr.com)
Malware: 1e8cd0f0f1702820c870302520bc0176
xylox.su (Betabot and Andromeda http botnets hosted by Panamaserver.com)
Resolved xylox.su to 190.123.45.12
Betabot gate file: /forums/order.php
Andromeda gate file: /foo/image.php
Hosting info: http://whois.domaintools.com/190.123.45.12
Related md5s (Download samples from Malwr.com)
Betabot: a670deb3dd6febfcfda8392305041657
Andromeda: 26c7885b95501af4da1ffa621f793027
shatteredwow.com (Betabot http botnet hosted by limestonenetworks.com)
Resolved shatteredwow.com to 63.143.49.122
Server: shatteredwow.com
Gate file: /beta2/order.php
Alternate domains: modbrandom.netsxyza.dyndns.wsseattleschools.cocnetwork.eltsa.comthex-net.com
Hosting info: http://whois.domaintools.com/63.143.49.122
Related md5s (Download sample from Malwr.com)
Betabot: e5a03d368fd4fca8b45c83a05dab6ced
nomoguz.su (Betabot http botnet hosted by fastflux)
Server: nomoguz.su
Gate file: /SDF9his/yefgvrtu.php
Alternate domain: cooncatcher245.com
The same fastflux setup is also hosting this betabot.
Hosting info:
;; QUESTION SECTION:
;nomoguz.su. IN A
;; ANSWER SECTION:
nomoguz.su. 131 IN A 5.165.17.205
nomoguz.su. 131 IN A 176.194.193.47
nomoguz.su. 131 IN A 66.231.16.101
nomoguz.su. 131 IN A 145.255.33.9
nomoguz.su. 131 IN A 188.0.98.100
nomoguz.su. 131…
nigazz.com (Betabot http botnet hosted by besthosting.ua)
Resolved nigazz.com to 194.28.173.217
Server: nigazz.com
Gate file: /neg/order.php
Alternate domain: niggazz.com
Hosting info: http://whois.domaintools.com/194.28.173.217
Related md5s (Download sample from Malwr.com)
Betabot: 7355a0c56919550566ca50e33162f993