Resolved skyline2050.net to 188.190.127.160
Server: skyline2050.net
Gate file: /761994/gate.php
This is Andromeda 2.07, not the cracked 2.06. You can tell by the admin page located at /adm.php, not on the index page. The owner of this Betabot is updating with this, abandoning the Betabot.
Mining info: dum:dum@s5.6d6f6e65797072696e746572.com:3333
Hosting info: http://whois.domaintools.com/188.190.127.160
Related md5s (search on malwr.com
s5.6d6f6e65797072696e746572.com (Betabot http botnet hosted by infiumhost.com)
Resolved s5.6d6f6e65797072696e746572.com to 188.190.127.160
Server: s5.6d6f6e65797072696e746572.com
Gate file: /wp-admin/order.php
Alternate domains: ripraktec147.com youdbeproud228.com wyomiriding928.com
Mining info: svchost.exe -I 100 -T 200 -t 2 -o stratum+tcp://s2.6d6f6e65797072696e746572.com:3333 -u mp187.her -p lex
Hosting info: http://whois.domaintools.com/188.190.127.160
Related md5s (search on malwr.com to download the samples):
Betabot: db9a816d58899f1ba92bc338e89f856a
diablothreecracked.in (Smokeloader hosted by Luxembourg Luxembourg Root Sa)
Resolved diablothreecracked.in to 94.242.199.145
Zain got himself a new Smokeloader.
Server: diablothreecracked.in
Gate file: /index.php
He left the zip containing the panel and original exe up on the host: hxxp://diablothreecracked.in/smoke.zip
Here it is if he notices and takes it down. hxxp://diablothreecracked.in/install.php is still up as well.
Hosting info: http://whois.domaintools.com/94.242.199.145
ultimatecore.info (Andromeda http bot hosted by Ukraine Ukrainian Internet Names Center Ltd)
Resolved ultimatecore.info to 91.231.84.114
New Andromeda from this guy.
Server: ultimatecore.info
Gate file: /mario/root.php
This is the full version of Andromeda, with all of the plugins.
Plugins:
Formgrabber plugin: ultimatecore.info/test/f.pack (gate file: /mario/fg.php)
Socks plugin: ultimatecore.info/test/s.pack
Rootkit plugin: ultimatecore.info/test/r.pack
Hosting info: http://whois.domaintools.com/91.231.84.114
Edit: Plugins are now at ultimatecore.info/samuelkaptioalpha1/ I think you can guess what each
crysis4.net (Andromeda http bot hosted by Ukraine Ukrainian Internet Names Center Ltd)
Resolved crysis4.net to 91.231.84.114
Gate url: http://crysis4.net/knockout/image.php
Login url: http://crysis4.net/knockout/index.php
Rootkit plugin: http://crysis4.net/test/r.pack
Hosting info: http://whois.domaintools.com/91.231.84.114