[nsp-sec] mariposa botnet drones
Dirk Stander
dst+nsp-sec at glaskugel.org
Fri Sep 25 10:39:59 EDT 2009
Hi,
I've uploaded a list of ~20k drone IPs which, in the last 4 hours, were
beaconing to some C&Cs as described here:
http://defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html
Some of the destination ports used in the C&C communication
are: 5907, 1111, 2222, 3333, 4444, 5555, 1234, 7007, 7008 (protocol UDP).
The complete list:
https://asn.cymru.com/nsp-sec/upload/1253885710.whois.txt
Attached is a summary by IP count and ASN.
cheers, Dirk Stander (1&1) :.
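The following is an added example, not part of the original message or its attachment: a sketch of how a network operator could flag local sources sending UDP to the ports listed above and produce a count-per-ASN summary of the kind the message describes. The flow record format, the sample flows, the IP-to-ASN map and the function names are all constructed assumptions.

```python
from collections import defaultdict

# Destination ports listed in the message (it says "some of", so the set is partial).
CNC_UDP_PORTS = {5907, 1111, 2222, 3333, 4444, 5555, 1234, 7007, 7008}

# Constructed flow records, one per line: "src_ip dst_ip proto dst_port".
# The format is an assumption; adapt the parser to your flow exporter.
SAMPLE_FLOWS = """\
192.0.2.10 203.0.113.5 udp 5907
192.0.2.10 203.0.113.5 udp 5907
192.0.2.11 203.0.113.5 udp 3333
198.51.100.7 203.0.113.9 udp 7008
198.51.100.7 203.0.113.9 tcp 4444
198.51.100.8 203.0.113.9 udp 53
bad line
10.9.9.9 203.0.113.5 udp 1234
"""

# Constructed source-IP -> origin-ASN map using documentation ASNs; real data
# would come from a BGP table or an IP-to-ASN lookup service.
SAMPLE_ASN = {"192.0.2.10": 64496, "192.0.2.11": 64496, "198.51.100.7": 64497}

def candidate_drones(flow_text, ports=CNC_UDP_PORTS):
    """Return the set of source IPs that sent UDP to one of the listed ports."""
    drones = set()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records instead of failing the whole run
        src, _dst, proto, dport = fields
        if proto.lower() == "udp" and int(dport) in ports:
            drones.add(src)  # a set, so repeated beacons count the IP once
    return drones

def summarize_by_asn(ips, ip_to_asn):
    """Count unique IPs per ASN ("NA" if unmapped), largest count first."""
    counts = defaultdict(int)
    for ip in ips:
        counts[str(ip_to_asn.get(ip, "NA"))] += 1
    return sorted(((n, asn) for asn, n in counts.items()),
                  key=lambda row: (-row[0], row[1]))

if __name__ == "__main__":
    for count, asn in summarize_by_asn(candidate_drones(SAMPLE_FLOWS), SAMPLE_ASN):
        print(count, asn)
```

A port match alone only yields candidates, since other software also uses several of these ports; confirm against the known C&C destinations before notifying anyone.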