OPTIONAL: Sandbox IRC Report

LAST UPDATED:  2021-04-01

OPTIONAL REPORT

This report is optional, you need to explicitly request it.

This report is a summary of all the IRC based networks that were seen by the sandbox systems in the last 24 hours.

Fields

  • md5hash
    MD5 has of the binary that was run
  • server_inet
    IP address of the C&C the binary contacted
  • server_fqdn
    Reverse DNS of the C&C IP
  • port
    IRC Port used by the C&C
  • server_pass
    IRC server password for the C&C
  • nick
    IRC NICK used by the binary
  • user
    IRC User string used
  • channel
    Channel joined by the binary
  • channel_pass
    Channel password used to gain access
  • ctcp_version
    IRC VERSION reply for the binary
  • user_mode
    IRC User mode used by the binary

Sample

"md5hash","server_inet","server_fqdn","port","server_pass","nick","user","channel","channel_pass","ctcp_version","user_mode"
"005add54f87fb87ea5f668803da1cf67","115.126.2.121","proxim.ircgalaxy.pl",80,"","qvdtrwbl","g020501 . . :\%4c516f62f Service Pack 2","&virtu","","",""
"008cda9bdb7d84f363e3199e92582981","115.126.2.121","proxim.ircgalaxy.pl",80,"","vjigpzqo","q020501 . . :\%4c516f62f Service Pack 2","&virtu","","",""
"00c6be476ad82b45f0da1438ff735655","115.126.2.121","proxim.ircgalaxy.pl",80,"","tutucord","u020501 . . :\%4c516f62f Service Pack 2","&virtu","","",""
"01f5ef1b84bf97af79d010a1032b0d38","115.126.2.121","proxim.ircgalaxy.pl",65520,"","weyoivmj","v020501 . . :-Service Pack 2","&virtu","","",""
"02c950fe456da41655dd354f1259c49c","115.126.2.121","proxim.ircgalaxy.pl",80,"","hsvjzgch","b020501 . . :\%4c516f62f Service Pack 2","&virtu","","",""
"04976a86712007dc5b45422d15edfe54","115.126.2.121","proxim.ircgalaxy.pl",80,"","ptalsief","h020501 . . :\%4c516f62f Service Pack 2","&virtu","","",""
"049907386d4a807a4793f0fa4ceef9e4","115.126.2.121","proxim.ircgalaxy.pl",80,"","lmuyfksk","y020501 . . :\%4c516f62f Service Pack 2","&virtu","","",""
"06e477a7323db1b8ce6181caae2930a2","72.10.172.218","",8492,"","cPmkMRxM","zdazfv zdazfv zdazfv :cyonbexvsmutdedj","##russia##","","",""
"06e77655c447b097cd9ff31daf90b0c0","115.126.2.121","proxim.ircgalaxy.pl",80,"","zlyfyhed","h020501 . . :\%4c516f62f Service Pack 2","&virtu","","",""
"074ceb7e626a43ab8337ba812173304f","85.197.99.217","",21,"","USA|00|XP|SP2|2640625","jevltop 0 0 :USA|00|XP|SP2|2640625","#coon","","",""
"07645465a68e9a95114e132240736a0b","115.126.2.121","proxim.ircgalaxy.pl",65520,"","denfuxkm","w020501 . . :-Service Pack 2","&virtu","","",""
"07a57893b13b3392d0c74d42bdf817fd","115.126.2.121","proxim.ircgalaxy.pl",80,"","csbjowlw","p020501 . . :\%4c516f62f Service Pack 2","&virtu","","",""

Our 135 Report Types

« Back to Network Reporting

Shadowserver uses cookies to gather analytics. This allows us to measure how the site is used and improve the experience for our users. For more information about cookies and how Shadowserver uses them, see our privacy policy. We need your consent to use cookies in this way on your device.