More information is being sent out via our alert feed to our paid subscribers.
UPDATE: Updated indicators have been rolled out to our client systems. If you see any indicator triggering with "BOTLICK" as the alert type, page the on-call contact specified in your contract. We would like to catch an actively infected client host so we can determine the initial infection vector.
ADDITIONAL INDICATORS:
If you see encrypted traffic going to any of the following IP addresses, check the source host for processes that should not be running. This is affecting Windows 7 and Windows 8 PCs.
179.111.212.221
81.149.12.77
89.156.44.210
38.108.61.227
37.110.214.124
86.126.135.242
112.211.182.241
125.62.97.218
95.31.88.21
112.198.90.89 - Additional C+C Detected
36.79.181.47 - Additional C+C Detected
190.107.244.151 - C+C
80.82.64.201 - C+C
ADDITIONAL DETAILS:
Our security analysts have determined that at least 300 hosts are connecting to the indicator 36.79.171.47. We were able to pull in additional data from our partners' honeypots and network sensors to get a rough count of the activity level going to this system.
UPDATE: We are also seeing large numbers of connections to 80.82.64.201.
The system appears to be in Indonesia and is connected via a cable modem. We are actively working with the ISP to see whether they can provide any additional details.
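The two checks described above (flagging connections to the listed C+C addresses, and counting how many distinct internal hosts talk to each one) can be run against your own connection logs. The following is an added example, not code from this advisory or its author: it matches a constructed set of firewall/flow log lines (in a hypothetical "src=ip:port dst=ip:port" format, adjust the regex for your sensor) against the indicator list and reports distinct sources per C+C address, so an analyst can see which hosts to pull for process review.

```python
"""Match connection-log lines against the BOTLICK C+C indicators and
count distinct internal hosts per indicator. Added example; the log
format and sample data below are constructed for illustration."""
import ipaddress
import re
from collections import defaultdict

# Indicator list copied from the advisory above. Each entry is validated
# through ipaddress so a typo in the list fails loudly at import time
# rather than silently never matching.
BOTLICK_C2 = {
    str(ipaddress.ip_address(a)) for a in (
        "179.111.212.221", "81.149.12.77", "89.156.44.210", "38.108.61.227",
        "37.110.214.124", "86.126.135.242", "112.211.182.241", "125.62.97.218",
        "95.31.88.21", "112.198.90.89", "36.79.181.47", "190.107.244.151",
        "80.82.64.201",
    )
}

# Constructed sample log (hypothetical format):
#   <timestamp> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp>
# One line is deliberately malformed to show that bad input is skipped.
SAMPLE_LOG = """\
2013-06-01T10:00:01Z src=10.1.2.3:49152 dst=80.82.64.201:443 proto=tcp
2013-06-01T10:00:02Z src=10.1.2.4:49201 dst=93.184.216.34:443 proto=tcp
2013-06-01T10:00:03Z src=10.1.2.3:49153 dst=80.82.64.201:443 proto=tcp
2013-06-01T10:00:04Z src=10.1.2.9:51000 dst=36.79.181.47:8080 proto=tcp
2013-06-01T10:00:05Z src=10.1.2.7:51001 dst=190.107.244.151:443 proto=tcp
2013-06-01T10:00:06Z src=10.1.2.9:51002 dst=36.79.181.47:8080 proto=tcp
2013-06-01T10:00:07Z src=10.1.2.5:51003 dst=36.79.181.47:8080 proto=tcp
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"src=(?P<src>[\d.]+):\d+\s+dst=(?P<dst>[\d.]+):\d+")


def parse_line(line):
    """Return (src_ip, dst_ip) as strings, or None for unparseable lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src = str(ipaddress.ip_address(m["src"]))
        dst = str(ipaddress.ip_address(m["dst"]))
    except ValueError:
        return None  # matched the shape but not a valid address
    return src, dst


def find_hits(log_text, indicators=BOTLICK_C2):
    """Return every (src, dst) pair where dst is a listed C+C address.

    Matching is on destination IP only: the advisory says the traffic is
    encrypted but does not fix a port, so filtering on 443 would miss the
    8080 sessions seen in the sample."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst = parsed
        if dst in indicators:
            hits.append((src, dst))
    return hits


def hosts_per_c2(hits):
    """Map each C+C address to the sorted list of distinct source hosts.

    Distinct sources, not raw connection counts, is the number that
    answers "how many infected hosts" (the 300+ figure in the advisory)."""
    sources = defaultdict(set)
    for src, dst in hits:
        sources[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in sources.items()}


if __name__ == "__main__":
    summary = hosts_per_c2(find_hits(SAMPLE_LOG))
    for c2, hosts in sorted(summary.items()):
        print(f"{c2}: {len(hosts)} host(s) -> {', '.join(hosts)}")
```

Feed real sensor output through `find_hits` and hand the per-C+C host lists to whoever is doing the process review on the affected Windows machines; a host that shows up under more than one indicator is the one to pull first.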
UPDATES MOVED TO MAILING LIST