ganja009.no-ip.info

ganja009.no-ip.info DNS_TYPE_A 212.117.183.200 212.117.183.200:6374 Nick: n{Ganja-AUS|XP}921011 Username: 3663 Joined Channel: #nade Process Created Process: C:\Documents and Settings\Administrator\Application Data\taskmge.exe

blazing10.no-value.info (Value’s big net lamers again)

Value and Dee Botnet C&C irc dns 14ips DNS_TYPE_A addr: blazing10.no-value.info ip: 93.62.62.208 blazing10.no-value.info ip: 213.11.137.67 blazing10.no-value.info ip: 208.53.148.235 blazing10.no-value.info ip: 203.141.249.71 blazing10.no-value.info ip: 195.230.16.104 blazing10.no-value.info ip: 195.22.37.163 blazing10.no-value.info ip: 193.179.184.64 blazing10.no-value.info ip: 188.65.49.11 blazing10.no-value.info ip: 153.90.164.208 blazing10.no-value.info ip: 147.102.159.9 blazing10.no-value.info ip: 146.83.165.10 addr: blazing10.no-value.info ip: 139.91.102.101 addr: blazing10.no-value.info ip: 137.229.242.129 blazing10.no-value.info:9595 Serverpass:Peja0444@ NICK [USA|00|XP|P|22202] ...

178.86.2.16

Remote Host Port Number 178.86.2.16 1234 PASS xxx 204.0.5.42 80 204.0.5.43 80 204.0.5.58 80 207.38.101.11 80 207.38.101.12 80 216.178.38.168 80 63.135.80.58 80 63.135.86.21 80 63.135.86.39 80 64.208.138.214 80 NICK NEW-[USA|00|P|38552] USER XP-4514 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|38552] -ix JOIN #!nn! test PONG 22 MOTD JOIN #USA * The data identified by the following URLs was ...

ms4all.twoplayers.net

Remote Host Port Number 112.78.112.208 80 218.5.74.190 80 91.212.127.147 80 204.45.85.210 57221 54.59.85ae.static.theplanet.com 25 209.85.97.106 25 65.55.92.152 25 66.94.237.64 25 70.87.6.99 25 MODE #! -ix MODE #Ma -ix USER SP2-285 * 0 :COMPUTERNAME MODE [N00_USA_XP_0571683] @ -ix MODE #dpi -ix channel: #dpi and #! idle87 changes topic to ‘.asc -S|.asc exp_all 25 2 0 -a ...

212.95.45.107

Remote Host Port Number 212.95.45.107 6567 NICK {XPUSA661553} JOIN #kavtodio2 PONG fatalz.net USER COMPUTERNAME * 0 :COMPUTERNAME MODE {XPUSA661553} -ix Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] + Windows Services = “svchots.exe” so that svchots.exe runs every time Windows starts o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] + Windows Update = “%Temp%\svchots.exe” so that svchots.exe runs ...

88.255.104.171

Remote Host Port Number 88.255.104.171 81 NICK [N00_USA_XP_5511946] USER SP2-756 * 0 :COMPUTERNAME * The following port was open in the system: Port Protocol Process 1053 TCP Zsnkspm.exe (%System%\Zsnkspm.exe) Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run * The newly created Registry Values are: o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] + Microsoft Driver Setup ...

93.174.94.86

Remote Host Port Number 208.43.36.96 80 93.174.94.86 1234 PASS xxx PONG 22 MOTD NICK [USA|00|P|86953] USER XP-0557 * 0 :COMPUTERNAME MODE [USA|00|P|86953] -ix JOIN #!wm! test Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] + Java developer Script Browse = “[file and pathname of the sample #1]” so that [file and pathname ...

onefucker.mine.nu

Resolved : [onefucker.mine.nu] To [203.153.116.155] Remote Host Port Number 203.153.116.155 6667 NICK UserName10 USER UserName10 “hotmail.com” “onefucker.mine.nu” :UserName JOIN #spy chanpass MODE UserName10 +i MODE #spy +nts Registry Modifications * The following Registry Key was created: o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce * The newly created Registry Values are: o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] + Winsock2 driver = “_1.EXE” o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] + ...

ms.mobilerequests.com (butterfly bot again)

ms.mobilerequests.com – Unknown UDP Traffic: 89.149.223.140:1863 State: Normal establishment and termination – Transferred outbound Bytes: 76 – Transferred inbound Bytes: 58. All results from the exe scan are here: http://anubis.iseclab.org/?action=result&task_id=1952d1a31ce718b74b9557b86d5f9f90d&format=html#id369875

ff.fjpark.com (maybe another mariposa botnet)

This bot has a UDP protocol which is similar to Mariposa, and the net is very large. DNS Lookup Host Name IP Address dell-d3e62f7e26 10.1.6.2 ff.fjpark.com 98.126.180.250 208.53.183.124 208.53.183.124 74.63.78.27 74.63.78.27 208.53.183.92 208.53.183.92 UDP Connections Remote IP Address: 98.126.180.250 Port: 9955 Send Datagram: packet(s) of size 21 Send Datagram: 7 packet(s) of size 10 Send Datagram: ...