Keyword: IRC_ZAPCHAST.BI
unknowingly by users when visiting malicious sites. Backdoor Routine This backdoor connects to any of the following IRC server(s): x.{BLOCKED}shellz.net:25 It joins any of the following Internet Relay Chat (IRC
http://www.{BLOCKED}er-services.name/b.c Backdoor Routine This backdoor connects to any of the following IRC server(s): x.{BLOCKED}shellz.net:25 It joins any of the following Internet Relay Chat (IRC) channels:
propagate across networks: Vulnerability in Server Service Could Allow Remote Code Execution (958644) NOTES: This malware connects to a remote IRC server; once connected, it joins an IRC channel where it
Send raw IRC command Start remote shell NOTES: This backdoor changes its process name to apache2 and clears its command line. It creates and locks the file /tmp/.z to ensure that only one copy of itself
=SYSTEM.EXE ;{garbage} uSEAUTopLaY = 1 ;{garbage} ShElL\\\\\\eXpLorE\\\CoMmAnD=SYSTEM.EXE ;{garbage} Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}et.in It joins any of the
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It connects
This backdoor may be dropped by other malware. It executes when a user accesses certain websites where it is hosted. Arrival Details This backdoor may be dropped by other malware. It executes when a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It requires its main component to successfully perform
any of the following IRC server(s): irc.{BLOCKED}ka.co.vu:6667 It joins any of the following IRC channel(s): #berkah #neraka It executes the following command(s) from a remote malicious user: DNS lookup
{BLOCKED}.{BLOCKED}.202.28/.wp/sshd2 Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}ers.ry:80 It joins any of the following IRC channel(s): #ssh It accesses a remote
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
Installation This worm drops the following component file(s): %Program Files%\Microsoft Office\OFFICE11\control.ini - IRC configuration file %Program Files%\Microsoft Office\OFFICE11\Drvics32.dll - network
\ Windows\CurrentVersion\Run Wincpa or Windongs = "{Malware Path and File Name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.249.189:443 {BLOCKED}c.
\ Windows\CurrentVersion\Run Wincpa or Windongs = "{Malware Path and File Name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.249.189:443 epic.dildoes.xxx
Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}6.{BLOCKED}rog.su {BLOCKED}4.{BLOCKED}ore.su {BLOCKED}8.{BLOCKED}ore.su {BLOCKED}6.{BLOCKED}ore.su {BLOCKED}0.{BLOCKED
=Open shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\unek.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): unek.{BLOCKED
connects to any of the following Internet Relay Chat (IRC) servers: exploited.lsass.org:19899 It joins any of the following IRC channel(s): ##lsass# It executes the following command(s) from a remote
This Trojan is a configuration file dropped by variants of WORM_QAKBOT malware. It contains the following information: URL where it can download an updated copy of its configuration file. FTP and IRC
worm listens on the following port(s): TCP 18631 It connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.174.3 It joins any of the following Internet Relay Chat (IRC) channels: #l4mer#
It receives commands from a remote malicious user via IRC. These commands are executed on the affected system. However, as of this writing, the said servers are inaccessible. This worm arrives via