Keyword: IRC_Generic
#007 It accesses a remote Internet Relay Chat (IRC) server where it receives the following commands from a remote malicious user: IRC Control: join → join a specified channel part → leave a specified
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Hacking Tool arrives on a
\command=TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): irc.{BLOCKED}ol.co.cc It accesses a remote
clear log files Terminate the bot Disconnect the bot from IRC Send a message to the IRC server Let the bot perform mode change Change BOT ID Display connection type, local IP address, and other net
{645FF040-5081-101B-9F08-00AA002F954E}\tmpmon-t829058.xtc ;garbage characters useautoplay=1 ;garbage characters Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}-0.level4-co2-as30938.su {BLOCKED
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windongs = "{malware path}\{malware file name}.exe" Backdoor Routine This backdoor connects to any of the following IRC server(s):
{23F24C31-568D-461D-B5CA-13393D19909A} = "%Application Data%\{23F24C31-568D-461D-B5CA-13393D19909A}\hdg.exe" Backdoor Routine This backdoor connects to any of the following IRC server(s): epic.{BLOCKED}s.xxx irc1.{BLOCKED}-wow.com It
Backdoor Routine This worm connects to any of the following Internet Relay Chat (IRC) servers: s27.{BLOCKED}ids.su It joins any of the following IRC channel(s): ##ops It executes the following commands from
This is an AndroidOS malware with backdoor capabilities. It drops a file that creates an IRC connection where it receives commands, thus compromising the affected system's security for the user. It
unknowingly by users when visiting malicious sites. Backdoor Routine This backdoor connects to any of the following IRC server(s): x.{BLOCKED}shellz.net:25 It joins any of the following Internet Relay Chat (IRC
http://www.{BLOCKED}er-services.name/b.c Backdoor Routine This backdoor connects to any of the following IRC server(s): x.{BLOCKED}shellz.net:25 It joins any of the following Internet Relay Chat (IRC) channels:
Send raw IRC command Start remote shell NOTES: This backdoor changes its process name to apache2 and clears its command line. It creates and locks the file /tmp/.z to ensure that only one copy of itself
=SYSTEM.EXE ;{garbage} uSEAUTopLaY = 1 ;{garbage} ShElL\\\\\\eXpLorE\\\CoMmAnD=SYSTEM.EXE ;{garbage} Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}et.in It joins any of the
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It connects
This backdoor may be dropped by other malware. It executes when a user accesses certain websites where it is hosted. Arrival Details This backdoor may be dropped by other malware. It executes when a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It requires its main component to successfully perform
any of the following IRC server(s): irc.{BLOCKED}ka.co.vu:6667 It joins any of the following IRC channel(s): #berkah #neraka It executes the following command(s) from a remote malicious user: DNS lookup
{BLOCKED}.{BLOCKED}.202.28/.wp/sshd2 Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}ers.ry:80 It joins any of the following IRC channel(s): #ssh It accesses a remote
Installation This worm drops the following component file(s): %Program Files%\Microsoft Office\OFFICE11\control.ini - IRC configuration file %Program Files%\Microsoft Office\OFFICE11\Drvics32.dll - network
\Windows\CurrentVersion\Run Wincpa or Windongs = "{Malware Path and File Name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.249.189:443 {BLOCKED}c.