irc.multifake.com 217.23.14.177 * C&C Server: 217.23.14.177:6667 * Server Password: * Username: XP-6967 * Nickname: [DEU|00|P|59009] * Channel: #jacke (Password: Neovo123) * Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “svcmgr” = svcmgr.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun “svcmgr” = svcmgr.exe HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:imbot.exe” = c:imbot.exe:*:Enabled:svcmgr HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “Active”Read more...
XxX.Bo7MoD.Net
XxX.Bo7MoD.Net 95.154.216.63 Opened listening TCP connection on port: 9265 Opened listening TCP connection on port: 113 * C&C Server: 95.154.216.63:3211 * Server Password: * Username: Mazyon_1d4 * Nickname: XP4w1X2 * Channel: #g (Password: xpass) * Channeltopic:
gg.arrancar.org (Worm.Win32.Neeris)
gg.arrancar.org DNS_TYPE_A 216.240.187.145 1 – Opened Listening Ports: Port Type 4457 tcp – TCP Connection Attempts: 216.240.187.145:555 more here http://anubis.iseclab.org/?action=result&task_id=182f961d8f590b9543d057f2131f22c93&format=html
shane1992.no-ip.info
shane1992.no-ip.info DNS_TYPE_A 173.224.209.16 1 173.224.209.16:6667 Nick: [AUT|0149|XP] Username: 3357 Joined Channel: #Zerox#
t3w.no-ip.info
t3w.no-ip.info 173.31.104.34 * C&C Server: 173.31.104.34:6667 * Server Password: * Username: XP-5907 * Nickname: [DEU|00|P|21276] * Channel: #BotnetMaster (Password: soap) * Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “test” = test.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun “test” = test.exe HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:SoBeBot.exe” = c:SoBeBot.exe:*:Enabled:test HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “Active”Read more...
msn.decolors.org
msn.decolors.org 66.207.128.24 * C&C Server: 66.207.128.24:6667 * Server Password: * Username: DEU23 * Nickname: U___U|133861 * Channel: #gusanito (Password: ) * Channeltopic: : espera… ya viste las imagenes del terremoto en chile… http://www.plasticosylimpieza.com.mx/tienda/fotos/login/ayuda-chile.php??aporta=img2010 * C&C Server: 66.207.128.24:6667 * Server Password: * Username: DEU00 * Nickname: U___U|990162 * Channel: #gusanito (Password: ) * Channeltopic: : espera…Read more...
mekoz.no-ip.org
mekoz.no-ip.org 66.207.128.24 * C&C Server: 66.207.128.24:6667 * Server Password: * Username: DEU8 * Nickname: Error7056818 * Channel: #pr0n (Password: r00t) * Channeltopic: :oie oieeeee… campaña para ayudar a chile, mira el spot 😀 … http://iicvascularcenter.com.ar/nuevaweb/inv_docs/ayuda-chile.php??aporta=img2010 (H) Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Windows Taskmager” = taskmrg.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRun “Windows Taskmager” = taskmrg.exeRead more...
entranessaonda.com
entranessaonda.com 64.32.27.135 Opened listening TCP connection on port: 35549 * C&C Server: 64.32.27.135:6667 * Server Password: * Username: cvvfqi * Nickname: L2-cx6i * Channel: #ceara (Password: ) * Channeltopic: :.scan 75 1 189.42.x.x 2 1 189.42.x.x
irc.gizemdolu.net
irc.gizemdolu.net 213.229.82.141 Opened listening TCP connection on port: 113 * C&C Server: 213.229.82.141:6667 * Server Password: * Username: jmlleo * Nickname: deZ-81849 * Channel: #ri0t (Password: milf) * Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Task manager” = taskmngr.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices “Task manager” = taskmngr.exe HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Task manager” = taskmngr.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle “EnableDCOM”Read more...
irc.ppoeconx.com
69.245.107.191 (6667) chanels:##im;#Q Invisible Users: 330 Operators: 1 operator(s) online Channels: 8 channels formed Clients: I have 358 clients and 0 servers Local users: Current Local Users: 358 Max: 435 Global users: Current Global Users: 358 Max: 390