The following MD5s are known to have phoned back to the same IP (.209):
MD5: d48a7ae9934745964951a704bcc70fe9
MD5: 4626de911152ae7618c9936d8d258577
MD5: ca4b79a33ea6e311eafa59a6c3fffee2
MD5: eb3b44cee34ec09ec6c5917c5bd7cfb4
The same IP also shows recent (2011) Palevo C&C activity.
Clearly, they've been multi-tasking on multiple fronts.
The following domains used to respond to the same IP (22.214.171.124): ua, mail.
What are the chances that these IPs are known to have been involved in related malicious/cybercrime-friendly activities? We've got the following MD5: 6a9b128545bd095dbbb697756f5586a9 spamming links to the same IP (hxxp://126.96.36.199/uksus/?). Cross-checking the second IP (.209) across multiple proprietary and public databases reveals a diversified criminal enterprise that's been using it for years.
In the wake of the recently announced security breaches at the NYTimes, WSJ, and the Washington Post, I decided to shed more light on what happens once a database gets compromised by Russian cybercriminals, compared to (supposedly) Chinese spies, with the idea of providing factual evidence that these breaches are just the tip of the iceberg.
In this intelligence brief, I'll profile a service that was originally operating throughout the entire 2009, selling access to compromised databases of multiple high-trafficked Web sites through the direct compromise of their databases, hence the name of the service - Give Me DB.
Primary URL: hxxp://-
Email: [email protected]
URL: hxxp://shopdb.
ICQ: 9348793; 5190451
During 2009, the domain used to respond to 188.8.131.52 (LAMBDANET-AS European Backbone of Lambda Net); it then changed IPs to .209 (THEPLANET-AS - The Internet Services, Inc.).