I've been tracking a number of hosts over the last couple of months and finally found a live host that was poorly configured. Pulled down the files available that I could and now am able to identify the pack as "FSPACK". Signature I've used for tracking within the urls is the file /xd/sNode.php being caught in IPS logs.
hxxp://atthistime.com/configs/
Reviewing the exploits contained and will update shortly with what I've been able to find.
Topic: Another new package - FSPACK (Read 3909 times)