[nsp-sec] IRC C&C at AS6746 and AS23383
Tim Wilde
twilde at cymru.com
Tue Mar 9 15:44:56 EST 2010
On 3/9/2010 3:25 PM, Carles Fragoso wrote:
> During an infection investigation, we have identified two IRC C&C servers located at AS6746 (ASTRAL Romania) and AS23383 (METRORED Honduras).
>
>> ##!woot land.of.coon
>> 78.97.55.99 tcp/6900
>> 190.4.7.85 tcp/6900
>
>> AS | IP | AS Name
>> 6746 | 78.97.55.99 | ASTRAL UPC Romania Srl, Romania
>> 23383 | 190.4.7.85 | METRORED S.A. DE C.V.
>
> We do not have the malware artifact yet but it seems to be related to the other posts I performed several days ago.

Hey Carles & Teams,

78.97.55.99 doesn't appear to be live on TCP/6900 right now (at least
not from our point of view), but I was able to confirm 190.4.7.85 and
it's been added to the DDoS-RS. No malware samples with flows to either
of those IPs in our malware menagerie.

Regards,
Tim

--
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/