[Emerging-Sigs] RBN in the US now?
Jim McQuaid
jim at jamesmcquaid.com
Sun Feb 3 17:07:03 EST 2008
Hello Michael,
I have that listed in
http://doc.emergingthreats.net/pub/Main/SnortConfSamples/RussianBusinessNetworkIPs.txt
208.72.160.0/20 AS35902 BROADWEAVE-NETWORKS-TRAVERSE
208.72.170.189/32 back1.76team.com and bavk1.76team.com
76team is the notorious "malware as a service".
Please look at this excellent article:
http://rbnexploit.blogspot.com/2007/11/rbn-76-service-team-loads-cc-and-their.html
I'll take a look and see what RBN has done there
lately.
James McQuaid
> Message: 1
> Date: Sun, 03 Feb 2008 09:41:54 -0500
> From: Michael Scheidell <scheidell at secnap.net>
> Subject: [Emerging-Sigs] RBN in the US now?
> To: emerging-sigs at emergingthreats.net
> Message-ID: <47A5D2B2.8080705 at secnap.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Russian Business Network kicked out of Russia and
> China, now in the US
> where they have safe haven?
>
> ET RBN Known Russian Business Network Traffic
> OrgName: McColo Corporation
> OrgID: MCCOL
> Address: 64 East main st. box 275
> City: Newark
> StateProv: DE
> PostalCode: 19715
> Country: US
>
> NetRange: 208.72.168.0 - 208.72.175.255
> CIDR: 208.72.168.0/21
> NetName: MCCOLO
> NetHandle: NET-208-72-168-0-1
> Parent: NET-208-0-0-0-0
> NetType: Direct Allocation
> NameServer: NS01.MCCOLO.COM
> NameServer: NS02.MCCOLO.COM
>
> --
> Michael Scheidell, CTO
> Main: 561-999-5000, Office: 561-939-7259
> SECNAP Network Security Corporation
> Winner 2008 Technosium hot company award.
> www.technosium.com/hotcompanies/
> <http://www.technosium.com/hotcompanies/>