[nsp-sec] Monkif C2 - AS33837 Peers: AS21202 and AS30912 - little help please?
Tomas Lund
tlund at swip.net
Thu Nov 26 04:33:17 EST 2009
On Wed, 25 Nov 2009, Nicholas Ianelli wrote:
> ----------- nsp-security Confidential --------
>
> Folks,
>
> There is a pattern of behavior that has really become annoying. The
> Monkif family of malware has been leveraging a variety of .BIZ domains
> for its C2. Despite them being taken down, they continue to use them,
> but they also use the same back-end hosts: 88.80.7.152 and 88.80.5.3
I have a routing contact at PRQ, not really involved in abuse, I think,
but better than nothing. I have alerted him to the fact that these hosts
are involved in malware distribution.

PRQ's upstream (DCS) recently went bankrupt and was bought up by a
different company. Contact with them has been .. problematic since.
Best regards,
Tomas Lund
AS1257