Remote Host Port Number
208.87.242.18 80

* The data identified by the following URLs was then requested from the remote web server:
  o http://208.87.242.18/~remngor/files/depp/web/config.bin
  o http://208.87.242.18/~remngor/files/depp/web/gate.php
  o http://208.87.242.18/~remngor/files/depp/web/system/ip.php

Registry Modifications
* The following Registry Keys were created:
  o HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}
  o HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
  o HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
mrssimonquispe.enladisco.com (botnet hosted in United States, Forney, Networld Internet Services)

Remote Host Port Number
206.123.89.191 6567

PASS s1m0n3t4
MODE [SI|USA|00|P|61978] -ix
JOIN #iausto# c1rc0dus0leil
PONG Coupe2.Network
NICK [SI|USA|00|P|61978]
USER XP-6042 * 0 :COMPUTERNAME

* The following port was open in the system:
  Port Protocol Process
  1053 TCP tanga.exe (%Windir%\tanga.exe)

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Service ares = “tanga.exe”
unknown.ord.scnet.net (botnet hosted in United States, Chicago, Hostforweb Inc)

Remote Host Port Number
64.202.102.234 50500

NICK {New}[USA-1244024-XP]
USER 6950797 “” “lol” :6950797
JOIN #LED
PONG 422
Topic On: [ #LED ] [ light emitting diode ]
Topic By: [ Switch ]

Registry Modifications
* The newly created Registry Value is:
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + rgservs = “%Temp%\rgservs.exe”
  so that rgservs.exe runs every time Windows starts
92.241.174.38 (SpyEye panel hosted in Russian Federation, Hoster24.ru Servers)

Panel: http://92.241.174.38/main/
exe file: http://92.241.174.38/main/bin/buildfud.exe
http://92.241.174.38/main/bin/config.bin
193.106.173.129 (botnet hosted in Russian Federation, Iqhost Ltd)

Server IP: 193.106.173.129
Server Port: 1338
Channel Name: #TM

There are 1 users and 501 invisible on 1 servers
69 unknown connection(s)
channels formed
I have 502 clients and 0 servers
Current Local Users: 502 Max: 619
Current Global Users: 502 Max: 584
Now talking in #TM
Topic On: [ #TM ] [ Try command
orbitaurl.com (botnet hosted in United States, Chicago, Hostforweb Inc)

Remote Host Port Number
66.225.241.182 2345

NICK New[USA|00|P|11539]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-5074 * 0 :COMPUTERNAME
MODE New[USA|00|P|11539] -ix
JOIN #!loco!
PONG 22
MOTD

DNS Queries:
Name Query Type Query Result Successful Protocol
orbitaurl.com DNS_TYPE_A 158.2.125.114 14.73.178.183 YES udp

210.170.62.115:2345
Nick: New[AUT|00|P|38063]
Username:
static.187.176.4.46.clients.your-server.de (botnet hosted in Germany, Hetzner Online Ag)

Remote Host Port Number
46.4.176.187 6669

JOIN ##ReliviuM InVaLiDDD
PONG :BoTNeT.GoV

Other details
* The following port was open in the system:
  Port Protocol Process
  1052 TCP [file and pathname of the sample #1]

Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
b33p.zapto.org (botnet hosted in United States, Arlington Heights, Ecomdevel Llc)

b33p.zapto.org ip: 69.65.19.117
b33p.zapto.org ip: 69.65.19.116
69.65.19.116:6108
channel: #base
infos about hosting: http://whois.domaintools.com/69.65.19.117
nadeganja.no-ip.net (botnet hosted in Germany, Berlin, Netdirekt E.k)

nadeganja.no-ip.net DNS_TYPE_A 95.168.172.190
95.168.172.190:6374
channel: #nade2#
infos about hosting: http://whois.domaintools.com/95.168.172.190
irc.wanger.biz (botnet hosted in Germany, Dolorem Ipsum)

irc.wanger.biz:8782
46.4.232.76:8782
Nick: :{00-USA-XP-pc7-7123}
Username: blaze
Server Pass: weed
Joined Channel: #sshscan2
Channel Topic for Channel #sshscan2: “.scan sshgodscan 38 8 0 192.x.x.x -n -b |.scan sshgodscan 30 8 0 141.x.x.x -n -b |.scan sshgodscan 30 8 0 218.x.x.x -n -b” Set by Yewnix on Tue Dec 21 20:50:57
Private Message to User {iNF-00-USA-XP-pxb8x8cI: “SC//