www.istanbulnakliyecileri.com (Andromeda http botnet hosted by ozkula.com.tr)


Resolved www.istanbulnakliyecileri.com to 37.247.108.48

Server: www.istanbulnakliyecileri.com
Gate file: /firmalar/and/image.php

Plugins
Rootkit: hxxp://www.istanbulnakliyecileri.com/firmalar/and/r.pack
Socks: hxxp://www.istanbulnakliyecileri.com/firmalar/and/s.pack
Formgrabber: hxxp://www.istanbulnakliyecileri.com/firmalar/and/f.pack
Gate file: hxxp://www.istanbulnakliyecileri.com/firmalar/and/fg.php

This appears to be hosted on a hacked site.

Hosting infos: http://whois.domaintools.com/37.247.108.48

Related md5s (search on malwr.com to download the samples): 8709c21be7d72c8ec8aaaa55ccc64b84

xogogo.org (Paradise ddos botnet hosted by adman.com)


Resolved xogogo.org to 93.170.131.114

Server: xogogo.org
Gate file: /par/bfg.php

Hosting infos: http://whois.domaintools.com/93.170.131.114

Related md5s (search on malwr.com to download the samples):
Paradise bot: 5724c61a33708b5fdefa3125ea32b2d0

EDIT: The botnet is currently attacking a site

POST /par/bfg.php HTTP/1.1
Host: xogogo.org
User-Agent: PARADISE
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 10

status=get

HTTP/1.1 200 OK
Date: Tue, 28 May 2013 13:31:16

www.vbvx.com (Betabot http botnet hosted by ovh.net)


Resolved www.vbvx.com to 94.23.56.186

Server: www.vbvx.com
Gate file: /remote/order.php

Bitcoin mining info:
Shell.exe” -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -t 0 -I 10
macromedia.exe” -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -g no -t 2

Looks like he’s running a mining proxy on his vps.

Hosting infos: http://whois.domaintools.com/94.23.56.186

Related md5s (search on malwr.com to download the