Keyword: IRC_ZAPCHAST.BI
commands from bot masters. IRC bots issue commands via the IRC communication protocol to allow cybercriminals to send commands to infected systems. These bots became rampant during the outbreak era. They
\ open\ddeexec\Application HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software
\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE\Software\Classes\ irc\Shell\open\ command HKEY_LOCAL_MACHINE\Software\Classes
This is involved in an exploit attack targeting a critical vulnerability of Ruby on Rails. It connects to an IRC server where it can receive and perform commands from remote malicious attackers, as
\ ChatFile\Shell\open\ ddeexec\ifexec HKEY_CURRENT_USER\Software\Classes\ ChatFile\Shell\open\ ddeexec\Topic HKEY_CURRENT_USER\Software\Classes\ irc HKEY_CURRENT_USER\Software\Classes\ irc\DefaultIcon
FAKEAV. SDBOT's backdoor capabilities allow other commands and functions to be performed on the infected computer. These commands may include: Check malware's status Disconnect the bot from IRC Generate a
irc.{BLOCKED}.net It joins any of the following IRC channel(s): #DL34k3rBn3t #secAssgdf It executes the following commands from a remote malicious user: attack - perform Denial of Service (DOS) attack to
This backdoor connects to a specific IRC server and joins a particular IRC channel. It is capable of receiving and executing specific commands from the IRC server. This backdoor arrives on a system as
\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE\Software\Classes\ irc\Shell\open\ command HKEY_LOCAL_MACHINE\Software\Classes\ irc\Shell\open\ ddeexec HKEY_LOCAL_MACHINE
\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE
Backdoor does the following: performs DDOS flooding and uses XMAS packets. Uses the IRC nickname with the following format: [NU|LNX|{composed of either F,T,H or U}]{random digit} Register itself in
\Microsoft\ Windows\CurrentVersion\Run Divx = "divwinx.exe" Backdoor Routine This Backdoor connects to any of the following IRC server(s): Irc.{BLOCKED}et.org pro.{BLOCKED}r.net It accesses a remote Internet
Upon execution, this backdoor connects to the Internet Relay Chat (IRC) server irc.2ch.net, where it joins the channel ##ReVoLuTiOn##. It opens TCP port 6667, where it listens for remote
vexaa.{BLOCKED}th.cx It joins any of the following IRC channel(s): #kleber #kaiten #kromex #dlink #dlink_key Download Routine This backdoor downloads updated copies of itself from the following websites:
!killall - Terminate all Perl processes !reset - Reconnect to IRC server !jo - Join a channel !part - Leave a channel !nick - Change nickname !pid - Send fake process name and process ID ! - Execute a shell
This malware is an IRC (Internet Relay Chat) bot that leverages the Bash bug vulnerability, also known as Shellshock. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to
following mutexes to ensure that only one of its copies runs at any one time: 0ze2thz285hezj1hG42 Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}n.{BLOCKED}eople.net It
" "winpass" "main" "lan" "internet" "intranet" "student" "teacher" "staff" Backdoor Routine This worm connects to any of the following IRC server(s): oak.{BLOCKED}me.net {BLOCKED}.{BLOCKED}.179.100 ringc.