Month: November 2010

dell.special.jp

dell.special.jp 210.168.252.109
Opened listening TCP connection on port: 113
C&C Server: 210.168.252.109:17402
Server Password:
Username: fdlea
Nickname: DEU|77874
Channel: ##new## (Password: gatesgates)
Channeltopic: :.asc asn445 100 0 2555 -a -b -r
Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Service Agent” = agl23.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices “Windows Service Agent” = agl23.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Service...

188.72.205.89

Remote Host Port Number
188.72.205.89 6567
NICK {XPUSA843752}
PONG irc.priv8net.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA843752} -ix
JOIN #putocm
MODE #putocm -ix
Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Services = “service.exe”
    so that service.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update = “%Temp%\service.exe”
    so...

95.142.163.184

(IRC) [00|FRA|881622]: Bot sniff “95.142.163.184:6667” ircd here “:VirUs-pqrquk!VirUs@151.81.7.141 JOIN :#VirUs.aLiS# “
(IRC) [00|FRA|881622]: Bot sniff “95.142.163.184:6667” “:VirUs-khnmlc!VirUs@190.73.73.197 JOIN :#VirUs.aLiS# “

norks.org

3.68.16.30:80 – :norks.org 001 bfqiebwf :Welcome to the Internet Relay Network bfqiebwf
-psniff- suspicious BOT packet from: 74.117.174.110:21321 ircd here – :cbl-sd-74-1.aster.com.do 302 ] [laMer][lnwhcdrj :][laMer][lnwhcdrj=+~laMerl@122-120-130-36.dynamic.hinet.net
-psniff- suspicious BOT packet from: 74.117.174.82:16667 – ircd here :s11.cpe.netcabo.uk 404 [M][TWN]XP-SP1[00]1694 #l# :You must have a registered nick (+r) to talk on this channel (#l#)

178.63.148.49

Remote Host Port Number
178.63.148.49 6667
NICK n{USA|XP}793757
USER 7937 “” “TsGh” :7937
JOIN #Adam
Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update System = “%AppData%\winlogon.exe”
    + UserFaultCheck = “%System%\dumprep 0 -u”
    so that winlogon.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update System = “%AppData%\winlogon.exe”
    so...