Last Seen | IP (info link) | Country | Port | Source/Associated malware | MD5 | Domain/URL | Reverse | Contagio |
---|---|---|---|---|---|---|---|---|
2010-Aug-19 2010-May-13 | 202.175.83.10 | Macau | 8000 443 | irmon32.dll ("Infrared Monitor" srvc) rasauto16.dll (Remote Access Auto Connection Manager srvc) | irmon32.dll 1966B265272E1660E6F340B19A7E5567 rasauto16.dll 15138604260b1d27f92bf1ec6468b326 | All are hardcoded in dll hxxp://sync.ns06.net/expirat/billing.htm | z83l10.static.ctm.net | Backdoor services |
2010-May-13 | 202.153.103.83 | Hong Kong | 443 | rasauto32.dll (Remote Access Auto Connection Manager srvc) | 995b44ef8460836d9091a8b361fde489 | beta.nethost.hk | | Backdoor services |
2010-Aug-19 | 64.184.2.11 | USA | 443 | sap.dll (SAP Agent srvc or NWSapagent) | 795B5E3E3D6C25B007498203A62693FA | | | |
2010-Aug-19 | 63.134.215.218 | USA | 443 | sap.dll (SAP Agent srvc or NWSapagent) | F2A4B2F4A3EDFF07155C4F238240F40D | | | |
2010-Aug-24 | 211.234.11.125, 72.167.62.13 | Republic of Korea; GoDaddy, USA | 443, ? | irmon32.dll ("Infrared Monitor" srvc) | irmon32.dll E66DD357A6DFA6EBD15358E565E8F00F, C75D351D86DE26718A3881F62FDDDE99 | All are hardcoded in dll: navl.oTZO.com (aug30), grey.qHigh.com (aug31 2010) -- 211.234.11.125; atures.gotdns.com (aug30), ccoun.dnsalias.org (aug31) -- 72.167.62.13 | 211-234-111-125.kidc.net, ip-72-167-62-13.ip.secureserver.net | |
Monday, August 30, 2010
APT IPs and Domains
From malware analysis, compromised systems, internet research and reader submissions