kuwait.arabgroup.org 204.188.240.50
Opened listening TCP connection on port: 113
C&C Server: 204.188.240.50:3232
Server Password:
Username: xxzag
Nickname: DEU|XP|SP3|00|40038
Channel: #drhackers1# (Password: )
Channeltopic: :.advscan asn445 100 9 0 -r -b
46.4.229.246
Remote Host Port Number
46.4.229.246 51987
USER rA rA rA rA
NICK [rA|USA|XP|26962]
JOIN #Scope# nokey
PRIVMSG #Scope# : 4New bot for Scope
PING :IRC.Secret.GoV
Other details
* The following port was open in the system:
Port Protocol Process
1054 TCP lsass.exe (%AppData%\lsass.exe)
Registry Modifications
* The newly created Registry Value is:
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+
ogard.shannen.cc (Ogard again)
Resolved : [ogard.shannen.cc] To [95.142.163.184]
Resolved : [ogard.shannen.cc] To [92.243.28.194]
* The following Host Names were requested from a host database:
o ogard.shannen.cc
o Ogard.helldark.biz
o ogard.ircdevils.net
PASS Virus
NICK VirUs-vxbscaka
USER VirUs “” “xdm” : .8,1..8Coded .4By .8VirUs..
Registry Modifications
* The following Registry Key was created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-74CC2A322142}
* The newly
team.radiozeri.de (lolbot hosted in France Clermont-ferrand Ovh Sas)
Resolved : [team.radiozeri.de] To [91.186.15.64]
Resolved : [team.radiozeri.de] To [66.187.108.124]
Resolved : [team.radiozeri.de] To [66.187.101.231]
Resolved : [team.radiozeri.de] To [94.23.8.138]
Remote Host Port Number
team.radiozeri.de 81
NICK n[USA|XP]0968364
USER s “” “lol” :s
JOIN #newbin#
NICK [USA|XP]2578635
NICK [USA|XP]9864029
Other details
* To mark the presence in the system, the following Mutex object was created:
23u.no-ip.info
Remote Host Port Number
23u.no-ip.info 51987
Resolved : [3u.no-ip.info] To [82.146.49.176]
PASS google_cache2.tmp
NICK NEW{EpicBot-USA|XP}615228
USER 7570 “” “TsGh” :7570
JOIN #Cheese#
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows Simatic Updates = “%Windir%\winlogon.exe”
+ UserFaultCheck = “%System%\dumprep 0 -u”
so that winlogon.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
66.187.110.154
Remote Host Port Number
66.187.110.154 81
NICK n[USA|XP|COMPUTERNAME]kspycmw
USER n “” “lol” :n
JOIN #biz#
PONG 422
* The following directory was created:
o %AppData%\C-76947-8457-2745
Registry Modifications
* The newly created Registry Value is:
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ WindowsDriverControl = “%AppData%\C-76947-8457-2745\winmsngrn.exe”
so that winmsngrn.exe runs every time Windows starts
File System Modifications
* The following files
64.20.46.176
Remote Host Port Number
64.20.46.176 81
67.195.145.141 80
* The data identified by the following URL was then requested from the remote web server:
o http://wallprofiles.net/pic.exe
NICK n[USA|XP|COMPUTERNAME]putuqyw
USER n “” “lol” :n
JOIN #biz#
PONG 422
Registry Modifications
* The newly created Registry Value is:
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ WindowsDriverControl = “%AppData%\C-76947-8457-2745\wincdrsvn.exe”
so that wincdrsvn.exe
184.106.215.31
Remote Host Port Number
184.106.215.31 6667
NICK {XPUSA874460}
JOIN ##spam##
PRIVMSG ##spam## :.::[MSN]::. Enviando Mensaje.
PONG irc.priv8net.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA874460} -ix
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows Services = “service.exe”
so that service.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Windows Update =
66.187.108.124
Remote Host Port Number
66.187.108.124 81
NICK n[USA|XP|COMPUTERNAME]fgfbdpb
USER n “” “lol” :n
JOIN #biz#
PONG 422
Registry Modifications
* The newly created Registry Value is:
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ WindowsDriverControl = “%AppData%\C-76947-8457-2745\wincdrsvn.exe”
so that wincdrsvn.exe runs every time Windows starts
File System Modifications
* The following files were created in the system:
# Filename(s) File
dalga.co.cc
NICK acelya
USER ferda_54 “Cod” “dalga.co.cc” :Perihan^^^^
USERHOST acelya
JOIN #x birtanem }.
MODE #x
NOTICE acelya :.VERSION mIRC v6.03 Khaled Mardam-Bey.
NOTICE acelya :.version mIRC v6.16 Khaled Mardam-Bey.
NOTICE IRC :.version mIRC v6.16 Khaled Mardam-Bey.
NOTICE Version :.version mIRC v6.16 Khaled Mardam-Bey.
PRIVMSG #x :Sahip , Sana Hizmete Haz.r.m ( v2 )
NICK Cansu4