florasister.com (Ice-9 banking malware hosted by neoweb.ru)

By I_Post_Ur_Info, April 8, 2013

Resolved florasister.com to 81.176.232.201

Server: florasister.com
Gate file: gigling.php
(backup hxxp://forandroid.tk/yandex.php (suspended))

Sites checked for configs (no droppers appear to be live):
hxxp://www.jcurve.com/templates/beez/params.php
hxxp://www.ivemon.es/templates/beez/params.php
hxxp://www.justicecameroun.com/templates/beez/params.php
hxxp://www.jackwalshcarpets.com/Joomla/templates/beez/params.php
hxxp://www.kocaelidho.org.tr/templates/beez/params.php
hxxp://www.moraditrade.com/en/templates/beez/params.php
hxxp://www.mm-nn.com/main/templates/beez/params.php
hxxp://www.jakmurowane.pl/templates/beez/params.php

Also attempted to connect to bigdealworked.com on port 9702

Hosting infos: http://whois.domaintools.com/81.176.232.201

Categories: Uncategorized

Tags: ice9

Previous posteuclid.es(BetaBot hosted in Ukraine Kharkiv Infium Ltd)

Next postmr7x0728.biz (Betabot http botnet hosted by alibabahost.com)

dreiansc.ws (Ice 9 banking malware hosted by vps.ua)

runawaswarm.ru (Ice 9 banking malware hosted by hc.ru)

bootcamp4wealth.com (Ice 9 banking malware hosted by wiredtree.com)