62.76.179.167 (Betabot http botnet hosted by clodo.ru)

By I_Post_Ur_Info, November 12, 2013

Server: 62.76.179.167
Gate file: /ateb/order.php

backup IP/Domains: 85.143.166.167
nns4fgc284dcnaz.us (Sinkholed by Anubis networks)
nn3dv00gsvdaqv.us

Downloads gameover zeus and necurs rootkit from the same IP.

Hosting infos: http://whois.domaintools.com/62.76.179.167

Related md5s (Download samples from Malwr.com)
Betabot:
af43ea0fc92ef858f0d86836c851df08
Gameover Zeus: 97496e1e10a0242ab78651a3cb2fce42
Necurs: 6e66daf2457fc549905d89549b1ed3b3

Categories: Uncategorized

Tags: beta bot

Previous posteboarivan.pw (Betabot http botnet hosted by digitalocean.com)

Next postnedfistoloco.su (betabot http botnet hosted by ecatel.net)

1 Comment

bosko - November 14, 2013 at 4:35 am

Found a botnet…
37.221.170.29:4812

There are 5918 users and 5918 invisible on 7 servers
5915 unknown connection(s)
78 channels formed
I have 21 clients and 0 servers
–
Current local users: 5918 Max: 9861
Current global users: 5918 Max: 9861

It's flash irc bot i think bots have Flash at beginning.

channels:
#worldwarz
#snails
#six

sinsec.net (Betabot http botnet hosted by alibabahost.com)

api.wifi-update.biz (Betabot http botnet hosted by oneandone.net)

frizzcams.com (Betabot http botnet hosted by Balticservers.com)

1 Comment

bosko - November 14, 2013 at 4:35 am

Comments are closed