Tag: beta bot

iappleblog.net (Betabot http botnet hosted by ubris-hosting.com)

By I_Post_Ur_Info, January 16, 2014
Uncategorized

Resolved iappleblog.net to 37.9.55.98 Server:  iappleblog.net Gate file:  /img/beta/order.php Alternate domains: iapplegeek.com androidistore.net This is the first betabot 1.7 I’ve seen in the wild. Thanks to Xylitol for the C&C info. Looks like the network signatures need to be updated Hosting info: http://whois.domaintools.com/37.9.55.98 Related md5s (Download sample from Malwr.com) Betabot: 5f3b16af36bfa193a222222035c7321c

uploadwith.me (Betabot http botnet hosted by datashack.net)

By I_Post_Ur_Info, January 2, 2014
Uncategorized

Resolved uploadwith.me to 63.141.233.107 Server:  uploadwith.me Gate file:  /ashg653/order.php Alternate domain: strike-file-hosting.us Hosting info:  http://whois.domaintools.com/63.141.233.107 Notice anything interesting about this IP? CustName: Chris Gravenstein Address: 201 E. 16th st City: North Kansas City StateProv: MO PostalCode: 64116 Country: US RegDate: 2013-10-21 Updated: 2013-10-21 Ref: http://whois.arin.net/rest/customer/C04738525 That’s right, Chris Gravenstein, aka digital has managed to topRead more...

boot.sx (Betabot http botnet hosted by worldstream.nl)

By I_Post_Ur_Info, December 30, 2013
Uncategorized

Resolved boot.sx to 109.236.80.74 Server:  boot.sx Gate file:  /g4sg/order.php Alternate domain: illuminati.sx This betabot is quite interesting due to the bizarre crypter it uses. The crypter starts with a Winrar SFX archive. This dumps it’s contents in the users temp folder and starts the next layer, a vbs script. The vbs script runs a AutoITRead more...

fapncam.com (betabot hosted by Digitalocean.com)

By I_Post_Ur_Info, December 29, 2013
Uncategorized

Resolved fapncam.com to 192.81.216.12 Server:  fapncam.com Gate file:  /beta/order.php Alternate domains: update-silo.comproxypool.infofrizzcams.com Hosting infos: http://whois.domaintools.com/192.81.216.12 Related md5 (Download sample from Malwr.com) Betabot: 52435233bd228dfffc2a2c7e001f66c8

meziamussucemaqueue.su (Betabot http botnet hosted by sunnyvision.com)

By I_Post_Ur_Info, December 7, 2013
Uncategorized

Resolved meziamussucemaqueue.su to 124.248.205.104 Server:  meziamussucemaqueue.su Gate file:  /phpmiadmin/order.php Alternate domain:  umbxd15896.su Bitcoin mining info: -o http://ypool.net:8080 -u Teolous.PTS_1 -p x  Hosting info: http://whois.domaintools.com/124.248.205.104 Related md5s (Download sample from malwr.com) betabot: 670fa0a15754e1d67810eea73e890dad Bitcoin miner: e1aed5a5d729d37efca73602d8bc66e9 Bitcoin miner 2:  a92403926113dd4b3a4d3e4c48eace66 EDIT: new mining info stratum+tcp://pool.d2.cc:3335 -u Hanito.bot -p 3fcua4 

nomoguz.su (Betabot http botnet hosted by fastflux)

By I_Post_Ur_Info, November 26, 2013
Uncategorized

Server:  nomoguz.su Gate file:  /SDF9his/yefgvrtu.php Alternate domain: cooncatcher245.com The same fastflux setup is also hosting this betabot. Hosting infos: ;; QUESTION SECTION: ;nomoguz.su. IN A ;; ANSWER SECTION: nomoguz.su. 131 IN A 5.165.17.205 nomoguz.su. 131 IN A 176.194.193.47 nomoguz.su. 131 IN A 66.231.16.101 nomoguz.su. 131 IN A 145.255.33.9 nomoguz.su. 131 IN A 188.0.98.100 nomoguz.su. 131Read more...

fpsfreedom.net (Betabot http botnet hosted by alibabahost.com)

By I_Post_Ur_Info, November 24, 2013
Uncategorized

Resolved fpsfreedom.net to 37.221.170.65 Server:  fpsfreedom.net Gate file:  /order.php This seems to be used for increasing website and video stream views, opening up the page hxxp://www.fpsguides.com/hidden in three hidden internet explorer windows. Hosting infos: http://whois.domaintools.com/37.221.170.65 Related md5s (Download sample from Malwr.com) Betabot: 8cc7c93530430201871f07f1be3a26e6