184.82.37.136

Remote Host      Port Number
184.82.37.136    6667

NICK tltknwytlm
USER ztetqtgovb 0 0 :tltknwytlm
JOIN #dickery hickery
USERHOST tltknwytlm
MODE tltknwytlm -xi+B
PONG :S.W.A.T

Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  o HKEY_CURRENT_USER\Software\Microsoft\OLE
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Microsoft = "vcpkgsrv.exe"
      so that vcpkgsrv.exe runs every time...

94.23.45.70

Remote Host      Port Number
212.69.208.105   80
94.23.45.70      6667

NICK vrX|na|XP|SP2|00001
JOIN #vncrad# itsinearstoo
MODE #vncrad#
NICK :vrX|na|XP|SP2|00001
PRIVMSG #vncrad# : Scanning Range 10195.241.0.0 10scan
USER RadXScan "" "94.23.45.70" :RadX
MODE vrX|na|XP|SP2|00001 +i

Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cha
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chat
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command...

67.43.232.36

Remote Host      Port Number
204.0.5.51       80
208.53.183.20    80
208.53.183.46    80
67.210.170.179   80
205.188.59.194   25
64.12.90.98      25
67.43.232.36     5190

* The data identified by the following URLs was then requested from the remote web server:
  o http://http.icq.com.edgesuite.net/pub/ICQ_Win95_98_NT4/ICQ_4/Lite_Edition/icq4_setup.exe
  o http://yutunrz.1dumb.com/reg?u=7710BA55&v=187&s=0&su=0&p=1&e=0&o=0&a=0&wr=75

JOIN #kok7
USERHOST FQixZtkC
MODE ##xddc +smntu
MODE #xddc1 +smntu
MODE #xddc2 +smntu
MODE #kok7 +smntu
USER...

67.210.170.142

Remote Host      Port Number
67.210.170.142   20000

PASS ohai
NICK pavtkt
USER ugjyyk "" "wfm" :ugjyyk

Registry Modifications
* The following Registry Key was created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612}
* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612}]
    + StubPath = "c:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe"
      so that svchost.exe runs every time Windows starts
* The following file...

bazilboom.mine.nu

Remote Host      Port Number
92.237.69.33     6667

NICK vrX|na|XP|SP2|00001
NICK :vrX|na|XP|SP2|00008
NICK :vrX|na|XP|SP2|00009
NICK :vrX|na|XP|SP2|00010
NICK :vrX|na|XP|SP2|00011
NICK :vrX|na|XP|SP2|00012
NICK :vrX|na|XP|SP2|00013
NICK :vrX|na|XP|SP2|00014
NICK :vrX|na|XP|SP2|00015
NICK :vrX|na|XP|SP2|00016
NICK :vrX|na|XP|SP2|00017
USER RadXScan "" "bazilboom.mine.nu" :RadX
NICK :vrX|na|XP|SP2|00018
NICK :vrX|na|XP|SP2|00002
NICK vrX|na|XP|SP2|00002
NICK :vrX|na|XP|SP2|00003
NICK :vrX|na|XP|SP2|00004
NICK :vrX|na|XP|SP2|00005
NICK :vrX|na|XP|SP2|00006
NICK :vrX|na|XP|SP2|00007

Registry Modifications
* The following Registry...

193.107.16.29

Remote Host      Port Number
193.107.16.29    8888

NICK [Fresh|6673|USA|XP]
USER 6673 "" "lol" :6673
JOIN #Cybernet 200500

* The following ports were open in the system:
  Port   Protocol   Process
  1051   TCP        [file and pathname of the sample #1]
  1054   TCP        [file and pathname of the sample #1]

Registry Modifications
* The newly created Registry Values are:...

tbt1.crabdance.com

tbt1.crabdance.com 58.137.9.88

C&C Server: 58.137.9.88:9595
Server Password:
Username: hhhya
Nickname: DEU|XP|SP3|00|2600|L|9157
Channel: ##nzm2 (Password: psy)
Channeltopic: :@advscan mssql 50 5 0 -b -l

Resolved : [tbt1.crabdance.com] To [58.137.9.88]
Resolved : [tbt1.crabdance.com] To [202.170.81.163]
Resolved : [tbt1.crabdance.com] To [94.141.68.98]

hosting infos: http://whois.domaintools.com/58.137.9.88

95.211.84.164

Remote Host      Port Number
95.211.84.164    6567

PASS pr1v4d0onl1n3r
MODE [SI|USA|00|P|44222] -ix
JOIN #update1# c1rc0s0leil
PONG Coupe.Network
NICK [SI|USA|00|P|44222]
USER XP-2179 * 0 :COMPUTERNAME

* The following port was open in the system:
  Port   Protocol   Process
  1055   TCP        Sontiwin.exe (%Windir%\Sontiwin.exe)

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Ci Servs = "Sontiwin.exe"...

legend.rootyou.org

legend.rootyou.org 83.217.70.132

Opened listening TCP connection on port: 113

* C&C Server: 83.217.70.132:443
* Server Password:
* Username: yxvypn
* Nickname: yxvypn
* Channel: #spybot (Password: chanpass)
* Channeltopic:

* C&C Server: 83.217.70.132:443
* Server Password:
* Username: rrtd
* Nickname: rrtd
* Channel: (Password: )
* Channeltopic:

* C&C Server: 83.217.70.132:443
* Server Password: ...

78.46.21.247

Remote Host      Port Number
78.46.21.247     6680

PING hell1410.zapto.org
USER [NEW|7755] False * :kBotv5
NICK [NEW|7755]
JOIN #cutugno
PONG :You have not registered
JOIN ##USA

Registry Modifications
* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + dll = "%AppData%\dll\svchost.exe"
      so that svchost.exe runs every time Windows starts
* The following Registry Value was modified:
  o ...