mal-labs.asia (Andromeda HTTP botnet hosted in Denver, United States, by Fdcservers.net)

Resolved mal-labs.asia to 37.221.170.238

Server: mal-labs.asia
Gate file: image.php
Plugins:
  Rootkit: mal-labs.asia/plugins/r.pack
  Formgrabber: mal-labs.asia/plugins/f.pack
    Gate file: fg.php

This is the file Paradoxun was running on his bots (cachke.exe).

Hosting info: http://whois.domaintools.com/37.221.170.238
