Activity Summary - Week Ending on 14 September 2023:
- Red Sky Alliance identified 766 connections from ‘new’ IPs checking in with our sinkholes
- Kyivstar[.]ua in Ukraine hit 250x
- 135 ‘new’ botnet hits
- MidgeDropper
- Complex Infection Chain
- Home to Work Lure
- Las Vegas Hit on MGM
- UK Police Attack
Link to full report: IR-23-257-001_weekly257.pdf
Red Sky Alliance Compromised (C2) IP’s
37.115.196.12 was found 250 times. Confidence of Abuse is 100%; ISP: Kyivstar PJSC; Usage Type: Unknown; Hostname(s): 37-115-196-12.broadband.kyivstar.net; Domain Name: kyivstar.ua; Country: Ukraine; City: Vyshneve, Kyivska oblast

| IP | Contacts |
| --- | --- |
| 37.115.196.12 | 2 |
| 95.220.10.243 | 1 |
| 85.174.207.240 | 1 |
| 85.174.200.236 | 1 |
| 81.17.18.106 | 1 |
On 13 September 2023, Red Sky Alliance identified 766 connections from new unique IP addresses checking in with one of the many Red Sky Alliance sinkholed domains.
| Malware Variant | Times Seen |
| --- | --- |
| sality | 696 |
| corkow | 68 |
| shiz | 3 |
| hurgyu | 1 |
| wcry_ransom | 1 |

Top 5 malware variants and number of contacts. Sality and Corkow have consistently remained the top variants.
Red Sky Alliance Malware Activity
For a full black list – contact analysts: info@redskyalliance.com
Red Sky Alliance Botnet Tracker
On 13 September 2023, analysts identified 135 new IP addresses participating in various botnets (call for the full .csv blacklists; below is only a small sampling of botnet trackers). We are currently upgrading this collection.

| First Seen | Botnet Attribution | Infected Host’s IPv4 Address |
| --- | --- | --- |
| 2023-09-12T06:29:43 | HTTP proxy (port 3128) | 5.161.121.112 |
| 2023-09-07T01:20:24 | HTTP proxy (port 80) | 8.219.170.64 |
| 2023-09-11T18:04:11 | HTTP proxy (port 80) | 8.219.170.232 |
| 2023-09-08T12:32:13 | HTTP proxy (port 1981) | 41.65.0.208 |
Keylogger IOCs available upon request.