malicious ips and domains (1)

12428818057?profile=RESIZE_400xThe Sysdig Threat Research Team (Sysdig TRT) recently discovered a long-running botnet operated by a Romanian threat actor group, which we call RUBYCARP.  Evidence suggests that this threat actor has been active for at least 10 years.  Its primary method of operation leverages a botnet deployed using a variety of public exploits and brute force attacks.  This group communicates via public and private IRC networks, develops cyber weapons and targeting data, and uses its botnet for financial gain