Month: March 2010

ss.ka3ek.com

ss.ka3ek.com 204.45.13.154 62.214.211.253 62.214.211.253

C&C Server: 204.45.13.154:10324
Server Password:
Username: jpstef
Nickname: hLCYqrXj
Channel: #koko (Password: )
Channeltopic:

Registry Changes by all processes

Create or Open

Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Microsoft Internet Explorer” = C:\WINDOWS\system32\iexplore.exe

Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography “MachineGuid”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCompatibility “DisableAppCompat”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32 “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE ...

ss.nadnadzzz.info

ss.nadnadzzz.info 98.126.176.146 i3ED6DF29.versanet.de 62.214.223.41

C&C Server: 98.126.176.146:5190
Server Password:
Username: pgghoa
Nickname: wlSRnqlq
Channel: #koko (Password: )
Channeltopic:

Registry Changes by all processes

Create or Open

Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Network Firewall” = C:\WINDOWS\system32\firewall.exe

Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography “MachineGuid”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCompatibility “DisableAppCompat”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32 “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE ...

irc2.taserz.info

This guy is supposed to be a coder, read here:

Son1cBl4st’s Goodbye

I am leaving Leet Coders for several reasons, one of them simply being the mature state of the community. Mature and immature people are what make a successful or unsuccessful website. At the moment we have a lot of immature members that state...

irc.multifake.com

irc.multifake.com 217.23.14.177

* C&C Server: 217.23.14.177:6667
* Server Password:
* Username: XP-6967
* Nickname: [DEU|00|P|59009]
* Channel: #jacke (Password: Neovo123)
* Channeltopic:

Registry Changes by all processes

Create or Open

Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “svcmgr” = svcmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run “svcmgr” = svcmgr.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “c:\imbot.exe” = c:\imbot.exe:*:Enabled:svcmgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “Active” ...

XxX.Bo7MoD.Net

XxX.Bo7MoD.Net 95.154.216.63

Opened listening TCP connection on port: 9265
Opened listening TCP connection on port: 113

* C&C Server: 95.154.216.63:3211
* Server Password:
* Username: Mazyon_1d4
* Nickname: XP4w1X2
* Channel: #g (Password: xpass)
* Channeltopic:

gg.arrancar.org (Worm.Win32.Neeris)

gg.arrancar.org DNS_TYPE_A 216.240.187.145 1

– Opened Listening Ports:
Port Type
4457 tcp

– TCP Connection Attempts:
216.240.187.145:555

more here http://anubis.iseclab.org/?action=result&task_id=182f961d8f590b9543d057f2131f22c93&format=html

shane1992.no-ip.info

shane1992.no-ip.info DNS_TYPE_A 173.224.209.16 1

173.224.209.16:6667
Nick: [AUT|0149|XP]
Username: 3357
Joined Channel: #Zerox#

t3w.no-ip.info

t3w.no-ip.info 173.31.104.34

* C&C Server: 173.31.104.34:6667
* Server Password:
* Username: XP-5907
* Nickname: [DEU|00|P|21276]
* Channel: #BotnetMaster (Password: soap)
* Channeltopic:

Registry Changes by all processes

Create or Open

Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “test” = test.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run “test” = test.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “c:\SoBeBot.exe” = c:\SoBeBot.exe:*:Enabled:test
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “Active” ...

msn.decolors.org

msn.decolors.org 66.207.128.24

* C&C Server: 66.207.128.24:6667
* Server Password:
* Username: DEU23
* Nickname: U___U|133861
* Channel: #gusanito (Password: )
* Channeltopic: : espera… ya viste las imagenes del terremoto en chile… http://www.plasticosylimpieza.com.mx/tienda/fotos/login/ayuda-chile.php??aporta=img2010

* C&C Server: 66.207.128.24:6667
* Server Password:
* Username: DEU00
* Nickname: U___U|990162
* Channel: #gusanito (Password: )
* Channeltopic: : espera… ...

mekoz.no-ip.org

mekoz.no-ip.org 66.207.128.24

* C&C Server: 66.207.128.24:6667
* Server Password:
* Username: DEU8
* Nickname: Error7056818
* Channel: #pr0n (Password: r00t)
* Channeltopic: :oie oieeeee… campaña para ayudar a chile, mira el spot 😀 … http://iicvascularcenter.com.ar/nuevaweb/inv_docs/ayuda-chile.php??aporta=img2010 (H)

Registry Changes by all processes

Create or Open

Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Taskmager” = taskmrg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run “Windows Taskmager” = taskmrg.exe ...