Activity Summary - Week Ending on 14 September 2023:

  • Red Sky Alliance identified 766 connections from ‘new’ IPs checking in with our Sinkholes
  • Kyivstar[.]ua in Ukraine Hit 250x
  • 135 ‘new’ Botnets hits
  • MidgeDropper
  • Complex Infection Chain
  • Home to Work Lure
  • Las Vegas Hit on MGM
  • UK Police Attack


Link to full report: IR-23-257-001_weekly257.pdf

Red Sky Alliance Compromised (C2) IPs

37.115.196.12 was found 250 times. Confidence of Abuse is 100%. ISP: Kyivstar PJSC; Usage Type: Unknown; Hostname(s): 37-115-196-12.broadband.kyivstar.net; Domain Name: kyivstar.ua; Country: Ukraine; City: Vyshneve, Kyivska oblast
https://www.abuseipdb.com/check/37.115.196.12


IP                Contacts
37.115.196.12     2
95.220.10.243     1
85.174.207.240    1
85.174.200.236    1
81.17.18.106      1


On 13 September 2023, Red Sky Alliance identified 766 connections from new, unique IP addresses checking in with one of the many Red Sky Alliance sinkholed domains.

Malware Variant    Times Seen
sality             696
corkow             68
shiz               3
hurgyu             1
wcry_ransom        1

Top 5 malware variants and number of contacts. Sality and Corkow have consistently remained the top variants; Shiz follows.


Red Sky Alliance Malware Activity


For a full black list – contact analysts: info@redskyalliance.com

Red Sky Alliance Botnet Tracker


On 13 September 2023, analysts identified 135 new IP addresses participating in various botnets (contact us for the full .csv blacklists; below is only a small sampling from the botnet trackers). We are currently upgrading this collection.

First Seen            Botnet Attribution       Infected Host's IPv4 Address
2023-09-12T06:29:43   HTTP proxy|port: 3128    5.161.121.112
2023-09-07T01:20:24   HTTP proxy|port: 80      8.219.170.64
2023-09-11T18:04:11   HTTP proxy|port: 80      8.219.170.232
2023-09-08T12:32:13   HTTP proxy|port: 1981    41.65.0.208
2023-09-08T12:32:13   HTTP proxy|port: 1981    41.65.0.208


Keylogger IOCs available upon request. 
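The indicators above only become useful once they are matched against local telemetry. The script below is an added example, not Red Sky Alliance code: it loads the botnet tracker rows and the sinkhole check-in IPs exactly as listed in this report (including the repeated 41.65.0.208 row, which it collapses onto one entry), then scans a few constructed web-server access-log lines (invented for illustration, not real traffic) for connections from those addresses. The log format, the `Indicator` record and the function names are assumptions made for this example.

```python
"""Match the IOCs listed in this weekly report against local connection logs.

Added example, not Red Sky Alliance code. The indicator rows are copied from
the report; the access-log lines are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Botnet tracker rows from the report: first_seen|attribution|port|IPv4.
# The last two rows are the same (the report table repeats 41.65.0.208).
BOTNET_TRACKER = """\
2023-09-12T06:29:43|HTTP proxy|port: 3128|5.161.121.112
2023-09-07T01:20:24|HTTP proxy|port: 80|8.219.170.64
2023-09-11T18:04:11|HTTP proxy|port: 80|8.219.170.232
2023-09-08T12:32:13|HTTP proxy|port: 1981|41.65.0.208
2023-09-08T12:32:13|HTTP proxy|port: 1981|41.65.0.208
"""

# Sinkhole check-in sources from the report's "Compromised (C2) IPs" table.
SINKHOLE_CHECKINS = ["37.115.196.12", "95.220.10.243", "85.174.207.240",
                     "85.174.200.236", "81.17.18.106"]

# Matches a dotted quad that is not embedded in a longer dotted/numeric token,
# so "HTTP/1.1" and status codes such as "200 512" are not picked up.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


@dataclass(frozen=True)
class Indicator:  # hypothetical record type for this example
    ip: str
    source: str   # which report table the IP came from
    detail: str   # attribution text, e.g. "HTTP proxy|port: 3128"


def load_indicators(tracker_text: str, sinkhole_ips: list[str]) -> dict[str, Indicator]:
    """Build an IP -> Indicator map; duplicate rows collapse onto one entry."""
    indicators: dict[str, Indicator] = {}
    for line in tracker_text.splitlines():
        if not line.strip():
            continue
        first_seen, attribution, port, ip = line.split("|")
        ipaddress.ip_address(ip)  # raises ValueError on a malformed indicator
        indicators[ip] = Indicator(
            ip, "botnet_tracker", f"{attribution}|{port} (first seen {first_seen})")
    for ip in sinkhole_ips:
        ipaddress.ip_address(ip)
        indicators.setdefault(
            ip, Indicator(ip, "sinkhole_checkin", "checked in to a sinkholed domain"))
    return indicators


def scan_log(lines: list[str], indicators: dict[str, Indicator]) -> list[tuple[int, str, str]]:
    """Return (line_number, ip, indicator_source) for every IOC seen in the log."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in IPV4_RE.findall(line):
            ind = indicators.get(token)
            if ind is not None:
                hits.append((n, token, ind.source))
    return hits


# Constructed nginx-style access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Sep/2023:10:01:02 +0000] "GET /login HTTP/1.1" 200 512',
    '41.65.0.208 - - [13/Sep/2023:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 401 231',
    '8.219.170.232 - - [13/Sep/2023:10:02:44 +0000] "GET /.env HTTP/1.1" 404 162',
    '192.168.1.20 - - [13/Sep/2023:10:03:00 +0000] "GET /static/app.js HTTP/1.1" 200 9321',
    '37.115.196.12 - - [13/Sep/2023:10:04:15 +0000] "GET / HTTP/1.1" 200 4021',
]

if __name__ == "__main__":
    iocs = load_indicators(BOTNET_TRACKER, SINKHOLE_CHECKINS)
    for line_no, ip, source in scan_log(SAMPLE_LOG, iocs):
        print(f"line {line_no}: {ip} matches {source}: {iocs[ip].detail}")
```

Two caveats when acting on hits. The tracker entries are infected hosts being used as open HTTP proxies, so requests from them to a public web server are most likely proxied bot traffic rather than the operator's own address; and the sinkhole check-in entries are broadband customer addresses (the Kyivstar hostname above is a typical DHCP-style reverse record), which churn, so treat a match as an alert to investigate with a timestamp window rather than a permanent block.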
