More details of the Dorifel servers
More details of the Dorifel servers | |
---|---|
Botnet | Dorifel |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 10/08/2012 |
Editor/Conference | Rickey Gevers |
Link | http://rickey-g.blogspot.nl/2012/08/more-details-of-dorifel-servers.html |
Author | Rickey Gevers |
Type |
Abstract
“Below are my findings of the two servers used in the (targeted) attack mainly taking place in the Netherlands.
We have 2 server setups that are close to identical, their IP addresses are:
184.22.103.202 (Domain: reslove-dns.com)
184.82.162.163 (Domains: 10ba.com, windows-update-server.com, wsef32asd1.org, dns-local.org)
Both are hosted within AS21788.
From now on I consider both IP addresses as one server. Or both IP addresses as a proxy.”
Bibtex
@misc{2012BFR1081,
  editor = {Rickey Gevers},
  author = {Rickey Gevers},
  title = {More details of the Dorifel servers},
  date = {08},
  month = Oct,
  year = {2012},
  howpublished = {\url{http://rickey-g.blogspot.nl/2012/08/more-details-of-dorifel-servers.html}},
}