Server: 74.121.150.39
Port: 22503 (note: this is not IRC-based)
This is one of the various botnets attempting to brute-force WordPress blogs. It works pretty fast: during a short run on the malwr.com sandbox it attempted to log in to 981 different blogs, all with domains starting with exp.
Since malwr.com only allows the sample uploader to download the pcap file, I’ve uploaded it here:
http://www.sendspace.com/file/pjks1z
http://rghost.net/48283874
Hosting info: http://whois.domaintools.com/74.121.150.39
Related MD5s (search on malwr.com to download the samples):
Brute bot: fa06bddf0e5fc62a487bc38399d347ed
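
The behaviour described above (one host attempting logins against hundreds of distinct blogs in a short run) stands out in egress proxy logs. The following detection sketch is an added example, not part of the original post or the bot's code; the log format, thresholds and `exp*.example` hosts are constructed, and `/wp-login.php` is assumed to be the login endpoint being hit.

```python
import re
from collections import defaultdict, deque

# Assumed (constructed) proxy log format: "<epoch> <client_ip> <METHOD> <host> <path>"
LINE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\S+)$")

def find_wp_bruteforce_clients(lines, window=60, min_hosts=5):
    """Flag internal clients that POST to /wp-login.php on many distinct
    hosts within `window` seconds. Returns {client_ip: peak distinct hosts}.
    Lines are expected in timestamp order per client."""
    recent = defaultdict(deque)   # client -> (timestamp, host) pairs inside the window
    peak = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # skip malformed lines instead of failing
        ts, client, method, host, path = m.groups()
        ts = int(ts)
        # Only login submissions count; page views (GET) are ignored.
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        q = recent[client]
        q.append((ts, host.lower()))
        while q and q[0][0] < ts - window:
            q.popleft()           # drop attempts that fell out of the window
        distinct = len({h for _, h in q})
        if distinct >= min_hosts:
            peak[client] = max(peak.get(client, 0), distinct)
    return peak

# Constructed sample traffic:
#   10.0.0.5 posts logins to six different blogs in ten seconds (bot-like)
#   10.0.0.9 retries a login on a single blog (one user, one site)
#   10.0.0.7 only fetches login pages with GET
SAMPLE = [f"{1000 + i * 2} 10.0.0.5 POST exp{i}.example /wp-login.php" for i in range(6)]
SAMPLE += [f"{1000 + i * 2} 10.0.0.9 POST blog.example /wp-login.php" for i in range(6)]
SAMPLE += [f"{1000 + i * 2} 10.0.0.7 GET exp{i}.example /wp-login.php" for i in range(6)]

if __name__ == "__main__":
    for client, hosts in find_wp_bruteforce_clients(SAMPLE).items():
        print(f"{client}: login POSTs to {hosts} distinct blogs within 60s")
```

Counting distinct hosts rather than raw attempts keeps a single user retrying a password on one site from triggering the rule.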
Anonymous - August 22, 2013 at 12:24 am
Pretty cool bot. Better than the usual athena beta shit seen around here. Never really come across these often.