[nsp-sec] Large mirai-variant - null routing and cleanup requested

Benjamin, Mike Mike.Benjamin at centurylink.com
Wed Dec 6 02:16:30 EST 2017



On Dec 5, 2017, at 10:42 PM, Hank Nussbacher <hank at efes.iucc.ac.il> wrote:

----------- nsp-security Confidential --------

On 06/12/2017 02:52, Benjamin, Mike wrote:
Due to the swift nature this botnet was built and its large size we've decided to pre-emptively null route the C2 hosted at 95.211.123[.]69.  This null route is active in AS3356, 209 and 3549.  We'd encourage any other operators to assist as well.  Multiple groups have requested a takedown of the VM through LeaseWeb, and we're awaiting their assistance to complete the takedown.

I think the above paragraph should have been marked TLP:Red.  Correct?

Hank,

If it helps to get further buy-in on minimizing the threat then folks are welcome to share our involvement and action.

TLP: Amber is fine.



-Hank



_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________

