Remote Host Port Number 67.210.170.142 20000 PASS ohai NICK pavtkt USER ugjyyk “” “wfm” :ugjyyk Registry Modifications * The following Registry Key was created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612} * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612}] + StubPath = “c:ReCycLErS-1-5-21-1482276501-1663491937-6831267430-1013svchost.exe” so that svchost.exe runs every time Windows starts * The following fileRead more...
bazilboom.mine.nu
Remote Host Port Number 92.237.69.33 6667 NICK vrX|na|XP|SP2|00001 NICK :vrX|na|XP|SP2|00008 NICK :vrX|na|XP|SP2|00009 NICK :vrX|na|XP|SP2|00010 NICK :vrX|na|XP|SP2|00011 NICK :vrX|na|XP|SP2|00012 NICK :vrX|na|XP|SP2|00013 NICK :vrX|na|XP|SP2|00014 NICK :vrX|na|XP|SP2|00015 NICK :vrX|na|XP|SP2|00016 NICK :vrX|na|XP|SP2|00017 USER RadXScan “” “bazilboom.mine.nu” :RadX NICK :vrX|na|XP|SP2|00018 NICK :vrX|na|XP|SP2|00002 NICK vrX|na|XP|SP2|00002 NICK :vrX|na|XP|SP2|00003 NICK :vrX|na|XP|SP2|00004 NICK :vrX|na|XP|SP2|00005 NICK :vrX|na|XP|SP2|00006 NICK :vrX|na|XP|SP2|00007 Registry Modifications * The following RegistryRead more...
193.107.16.29
Remote Host Port Number 193.107.16.29 8888 NICK [Fresh|6673|USA|XP] USER 6673 “” “lol” :6673 JOIN #Cybernet 200500 * The following ports were open in the system: Port Protocol Process 1051 TCP [file and pathname of the sample #1] 1054 TCP [file and pathname of the sample #1] Registry Modifications * The newly created Registry Values are:Read more...
tbt1.crabdance.com
tbt1.crabdance.com 58.137.9.88 C&C Server: 58.137.9.88:9595 Server Password: Username: hhhya Nickname: DEU|XP|SP3|00|2600|L|9157 Channel: ##nzm2 (Password: psy) Channeltopic: :@advscan mssql 50 5 0 -b -l Resolved : [tbt1.crabdance.com] To [58.137.9.88] Resolved : [tbt1.crabdance.com] To [202.170.81.163] Resolved : [tbt1.crabdance.com] To [94.141.68.98] hosting infos: http://whois.domaintools.com/58.137.9.88
95.211.84.164
Remote Host Port Number 95.211.84.164 6567 PASS pr1v4d0onl1n3r MODE [SI|USA|00|P|44222] -ix JOIN #update1# c1rc0s0leil PONG Coupe.Network NICK [SI|USA|00|P|44222] USER XP-2179 * 0 :COMPUTERNAME * The following port was open in the system: Port Protocol Process 1055 TCP Sontiwin.exe (%Windir%Sontiwin.exe) Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Ci Servs = “Sontiwin.exe”Read more...
legend.rootyou.org
legend.rootyou.org 83.217.70.132 Opened listening TCP connection on port: 113 * C&C Server: 83.217.70.132:443 * Server Password: * Username: yxvypn * Nickname: yxvypn * Channel: #spybot (Password: chanpass) * Channeltopic: * C&C Server: 83.217.70.132:443 * Server Password: * Username: rrtd * Nickname: rrtd * Channel: (Password: ) * Channeltopic: * C&C Server: 83.217.70.132:443 * Server Password:Read more...
78.46.21.247
Remote Host Port Number 78.46.21.247 6680 PING hell1410.zapto.org USER [NEW|7755] False * :kBotv5 NICK [NEW|7755] JOIN #cutugno PONG :You have not registered JOIN ##USA Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + dll = “%AppData%dllsvchost.exe” so that svchost.exe runs every time Windows starts * The following Registry Value was modified: oRead more...
n.main-update.com
* The following Host Name was requested from a host database: o n.main-update.com * There was registered attempt to establish connection with the remote host. The connection details are: Remote Host Port Number n.main-update.com 81 Resolved : [n.main-update.com] To [173.203.101.190] Resolved : [n.main-update.com] To [212.117.180.158] Resolved : [n.main-update.com] To [173.203.96.94] NICK n[USA|XP]7592447 USER s “”Read more...
67.210.170.178(linkbot)
Remote Host Port Number 67.210.170.178 4676 USER cuqlkd cuqlkd cuqlkd :ussomchqqwibaimo NICK d[SchPopm]b * The following port was open in the system: Port Protocol Process 1053 TCP algs.exe (%System%algs.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Application Layer Gateway Service = “%System%algs.exe” so that algs.exe runs every time Windows startsRead more...
irc.anzimazor.info
* The following Host Name was requested from a host database: o irc.anzimazor.info * There was registered attempt to establish connection with the remote host. The connection details are: Remote Host Port Number irc.anzimazor.info 1010 NICK n{USA|XP}xjjabpb USER n{USA|XP}xjjabpb 0 0 :n{USA|XP}xjjabpb Registry Modifications * The following Registry Key was created: o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionApp * TheRead more...