Aug 18, 2011

Leak of APT domains

If you want to see all in the list, please go to the Source.
Hello security community. I’ve compiled the following information for your viewing pleasure. I hope this isn’t as misconstrued as http://www.secureworks.com/research/threats/htran/. This information is by no means the result of a singular analysis of a public Chinese hacking utility. At least three distinct threat groups were profiled in Joe Stewart’s analysis; however, no distinction was paid to the actual actors themselves, as each was identified by a single means. I’m not going to pay homage to the other two actors, as I’m sure the US government and other private entities will have enough problems recovering from this singular data exposure. My motivation is purely selfless in nature and I only wish the security community to improve upon what has already been done in this realm. Most of the security community is a fraud and continues to subsist on half-assed analyses and bogus data. All information was compiled from open sources and leaked information; no customer-based data was used for the analysis. My sincerest apologies go out to those with ongoing monitoring operations on any of the IP addresses involved.

These attacks have targeted US and Canadian companies almost exclusively for at least five years; the tools, tactics, and procedures have changed very little during that timeframe and continue to be extremely effective. Several private companies currently monitor several of these IP addresses for the purpose of supplying stolen information back to the affected companies. Stolen data is effectively held hostage for the price of doing business with the company in the know. On the other hand, if you’re lucky, the government will notify you of a breach within six months or less. The more likely scenario, though, is that you will never hear a thing from anyone unless your business is of significant financial importance or you can afford to pay the exorbitant price of the private companies. Currently the FBI, AF OSI, and NCIS may provide these ‘notifications’ to affected companies. In recent years each branch has become significantly more segmented and isolated, and as such the overall quality of the information provided to the affected companies has degraded. Private entities continue to prosper off of this information to the tune of millions of dollars annually, and the affected companies continue to leak money and data to the attackers.

I’m not of the mindset to define the attacker or their motivations; however, it’s easy to glean that the interests are economic in nature and purely financial in motivation. If your company is one outlined in the list below, chances are you’re doing business in the People’s Republic of China or plan to shortly. Negotiations are a common target for economically motivated hackers, and hence email and other relevant information pertaining to contract negotiation data will be taken. If you currently conduct business with the PRC, chances are that your organization has knowingly or unknowingly been compromised. The domains presented below represent only a small fraction of those that are currently active and reflect only the activities of a singular group of individuals. The data has not been truncated and reflects several months of monitoring; non-routable IP addresses and google/yahoo domains are normal for inactive domains. If you don’t know what to do with the information provided in this leak you deserve to continue to get fucked as you already have been, and you probably will be once again as tactics change. This should not be construed as the totality of ongoing activity, only a harbinger of what’s to come. I have no allegiances, I make no money, I am not legion.

-RSA Employee #15666

Source: http://pastebin.com/raw.php?i=yKSQd5Z5 
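The leak is a plain "domain<TAB>IP" feed, and the post notes that loopback/non-routable addresses and google/yahoo-parked resolutions mark domains that are currently inactive. The following is an added triage script, not part of the leak or the blog: it parses that format, separates dormant entries from those that last pointed at a routable host, and lists the parent zones worth watching. The sample feed is constructed from a handful of entries on the page, and the `parked` ranges are an assumed, caller-supplied list (the one Google prefix shown is only an example).

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the leak's "domain<TAB>IP" format (entries taken
# from the page; far from the full list).
SAMPLE_FEED = """\
08elec.purpledaily.com\t64.233.169.147
09back.purpledaily.com\t127.0.0.1
3ml.infosupports.com\t255.255.255.255
aes.infosupports.com\t216.15.210.68
aes.infosupports.com\t74.93.92.50
bobo.buisnessconsults.net\t127.0.0.1
cac.bigdepression.net\t24.96.236.181
"""

def parse_feed(text):
    """Yield (hostname, ip) pairs; skip blank, malformed or non-IP lines."""
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) != 2:
            continue
        host, raw = parts
        try:
            yield host.lower(), ipaddress.ip_address(raw)
        except ValueError:
            continue  # not an IP literal, so not something we can classify

def classify(ip, parked=()):
    """'inactive' for loopback/private/reserved/unspecified (the dormant
    pattern the post describes), 'parked' when inside a caller-supplied
    parking range (assumed list, e.g. Google/Yahoo space), else 'routable'."""
    if ip.is_loopback or ip.is_private or ip.is_reserved or ip.is_unspecified:
        return "inactive"
    if any(ip in net for net in parked):
        return "parked"
    return "routable"

def triage(text, parked=()):
    """Return (hosts that ever resolved to a routable address, parent zones).
    `parked` is an iterable of CIDR strings to treat as parking space."""
    nets = [ipaddress.ip_network(n) for n in parked]
    seen = defaultdict(set)
    for host, ip in parse_feed(text):
        seen[host].add(ip)
    active = {h for h, ips in seen.items()
              if any(classify(ip, nets) == "routable" for ip in ips)}
    zones = {".".join(h.split(".")[-2:]) for h in seen}
    return active, zones

if __name__ == "__main__":
    # 64.233.160.0/19 is given only as an example parking range (assumption).
    print(triage(SAMPLE_FEED, parked=["64.233.160.0/19"]))
```

Feed the real list in via stdin or a file and alert on the `active` hosts and `zones` in DNS logs; the `parked` ranges should come from a list you maintain, not from this example.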

