[nsp-sec] ACK - black energy botnet
Rodolfo Baader
rbaader at arcert.gov.ar
Fri Jul 3 17:12:43 EDT 2009
Hi!
ACK for AR ASNs:
3549
7303
10318
10481
11315
11664
16814
19037
20207
22927
27960
Notifications were sent to the abuse/noc departments.
BTW, the CC information of the record:
28049 | 190.98.129.246 | AR | 1246579963 xFAMILIA-E442C93_C4C28DA2 | ISP
SOLUTIONS S.A.
is wrong. Neither the ASN, nor the IP belongs to Argentina. According the Whois
are located in GT (Guatemala) !
*--------------------------------
Details:
#TOTAL ASN Argentina: 11
#TOTAL IPS Argentina: 104
31 7303
20 22927
18 10318
9 19037
9 10481
8 3549
3 16814
2 20207
2 11315
1 27960
1 11664
R.
Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
>
>
> ------------------------------------------------------------------------
>
> Hi,
>
> please find attached a list of drones of a black energy ddos botnet.
> The format is:
> <ASN> | <IP> | <CC> | <epoch last seen> <uniq bot id> | <AS name>
> (the bot id seems to contain the windows computer name.)
>
> kind regards, Dirk Stander (1&1) :.
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list