[nsp-sec] Large mirai-variant - null routing and cleanup requested
Hank Nussbacher
hank at efes.iucc.ac.il
Wed Dec 6 00:40:34 EST 2017
On 06/12/2017 02:52, Benjamin, Mike wrote:
> Due to the swift nature this botnet was built and its large size we've decided to pre-emptively null route the C2 hosted at 95.211.123[.]69. This null route is active in AS3356, 209 and 3549. We'd encourage any other operators to assist as well. Multiple groups have requested a takedown of the VM through LeaseWeb, and we're awaiting their assistance to complete the takedown.
I think the above paragraph should have been marked TLP:Red. Correct?
-Hank
More information about the nsp-security
mailing list