More details of the Dorifel servers
Jump to navigation
Jump to search
(Publication) Google search: [1]
| More details of the Dorifel servers | |
|---|---|
| Botnet | Dorifel |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 10/08/2012 |
| Editor/Conference | Rickey Gevers |
| Link | http://rickey-g.blogspot.nl/2012/08/more-details-of-dorifel-servers.html blogspot.com (blogspot.com Archive copy) |
| Author | Rickey Gevers |
| Type | |
Abstract
“ Below are my findings of the two servers used in the (targetted) attack mainly taking place in the Netherlands.
We have 2 server setups that are close to identical, their ip-adresses are: 184.22.103.202 (Domain: reslove-dns.com) 184.82.162.163 (Domains: 10ba.com, windows-update-server.com, wsef32asd1.org, dns-local.org) Both are hosted within AS21788
From now on I consider both IP-adresses as one server. Or both IP-adresses as a proxy.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1081,
editor = {Rickey Gevers},
author = {Rickey Gevers},
title = {More details of the Dorifel servers},
date = {08},
month = Oct,
year = {2012},
howpublished = {\url{http://rickey-g.blogspot.nl/2012/08/more-details-of-dorifel-servers.html blogspot.com}},
}