[nsp-sec] Bitcoin Miner/BadMiner - Peer list
Gabriel Iovino
giovino at ren-isac.net
Wed Aug 31 08:35:50 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/30/2011 9:12 PM, Nicholas Ianelli wrote:
> Attached is the list of peers being circulated through the BadMiner
> malware (all IP addresses for the P2P comms).
ACK:
> 81 | 152.30.234.55 | 152.16.0.0/12 | US | arin | 1991-06-07 | NCREN - MCNC
> 81 | 152.30.234.55 | 152.16.0.0/12 | US | arin | 1991-06-07 | NCREN - MCNC
> 81 | 152.8.81.19 | 152.8.0.0/13 | US | arin | 1991-06-07 | NCREN - MCNC
> 81 | 152.8.81.246 | 152.8.0.0/13 | US | arin | 1991-06-07 | NCREN - MCNC
> 81 | 152.8.81.47 | 152.8.0.0/13 | US | arin | 1991-06-07 | NCREN - MCNC
> 81 | 152.8.88.209 | 152.8.0.0/13 | US | arin | 1991-06-07 | NCREN - MCNC
> 81 | 152.8.91.6 | 152.8.0.0/13 | US | arin | 1991-06-07 | NCREN - MCNC
> 3676 | 128.255.148.239 | 128.255.0.0/16 | US | arin | 1987-06-05 | UIOWA-AS - University of Iowa
> 3676 | 128.255.199.9 | 128.255.0.0/16 | US | arin | 1987-06-05 | UIOWA-AS - University of Iowa
and thanks for referencing the securelist article that gives a network
profile of a botted host.
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAk5eKqIACgkQwqygxIz+pTu2xQCeIwjwAKNP0toDQ+cZJFyK/Pxg
79wAn32+LPYLJ8gX1mFRtUf2SRmp/D84
=cYuJ
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list