[nsp-sec] spyeye infected drones
Gabriel Iovino
giovino at ren-isac.net
Thu Mar 17 11:28:10 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 3/17/2011 10:18 AM, Dirk Stander wrote:
> please find attached a list of drones, which contacted one of the
> domains mentioned here:
ACK:
Thank you!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk2CKIoACgkQwqygxIz+pTs6qwCfXZ/nk++WA4Pk2w6bPizBgT3I
IDsAoIJq+NH1TaDNm3RSKSntCbcRTeZq
=zkHO
-----END PGP SIGNATURE-----