Some of you know Betabot.. if you don't: http://www.ic3.gov/media/2013/130918.aspx
Terminate bot till next reboot:
Visit URL option:
Update bot option:
List of DNS records to modify:
The botmaster was running a support site at the URL betabot.ru that I've monitored since... I don't know, almost the beginning till the end.
I've really collected a lot of data and was constantly flagging new C&C URLs even before they were active.
Inquiries sent to the betabot team (before they started the support forum):
Some clients' kits:
Finally some people got busted using this information..
If you want an example.. 'Spit Fyre', ex super moderator at Trojanforge, who resides in the same country as me.
If you wonder why he disappeared you know why now.
Spit Fyre requesting an admin of Hackyard to delete his account after he got cops at the door:
Some of his domains:
• dns: 1 ›› ip: 18.104.22.168 - adress: DARKNESS.SU
• dns: 1 ›› ip: 22.214.171.124 - adress: WEED.SU
• dns: 1 ›› ip: 126.96.36.199 - adress: MEZIAMUSSUCEMAQUEUE.SU
• dns: 1 ›› ip: 188.8.131.52 - adress: UMBXD15896.SU
• dns: 1 ›› ip: 184.108.40.206 - adress: STYXB1TCH35.SU
• dns: 1 ›› ip: 220.127.116.11 - adress: J1NXFYR3.SU
Anyway it's useless to talk about him and other Betabot clients who had visits, the current status of Betabot is stalled now and someone even made a builder for the 18.104.22.168 version.
Betabot was a creative malware, plagued by bugs though.