[nsp-sec] IRC C&C at AS6746 and AS23383
Carles Fragoso
cfragoso at cesicat.cat
Tue Mar 9 15:25:10 EST 2010
Hi,
During an infection investigation, we have identified two IRC C&C servers located at AS6746 (ASTRAL Romania) and AS23383 (METRORED Honduras).
> ##!woot land.of.coon
> 78.97.55.99 tcp/6900
> 190.4.7.85 tcp/6900
> AS | IP | AS Name
> 6746 | 78.97.55.99 | ASTRAL UPC Romania Srl, Romania
> 23383 | 190.4.7.85 | METRORED S.A. DE C.V.
We do not have the malware artifact yet but it seems to be related with the other posts I performed several days ago.
Regards,
-- Carlos
More information about the nsp-security
mailing list