[atlas] Is the Atlas probe hackable?
Hank Nussbacher
hank at efes.iucc.ac.il
Wed Jul 6 12:45:14 CEST 2016
On 06/07/2016 09:56, Daniel Karrenberg wrote:

It is indeed a FP. There was a collision between a variant of Tinba DGA and a legit domain - thinksquare.net. As you can see in the link below, a lot of malware samples communicated with thinksquare.net on the exact same day.

https://www.virustotal.com/en/domain/thinksquare.net/information/

-Hank

> I am positive tinba cannot run on the probes.
>
> So either that IDS is brain damaged or some joker made a UDM that acts
> like tinba or both. What Marc said: the 'CnC' appears to be at the root
> name servers. Cue conspiracy theory .....
>
> Daniel
>
> On 5.07.16 14:15 , Hank Nussbacher wrote:
>> I received a report from one of our security monitoring systems about
>> one of our probes (#17846) - https://atlas.ripe.net/probes/17846/ which
>> appears to be infected with Tinba:
>>
>>
>>> Security incident #1 - Tinba infection
>>> Involved internal Hosts:
>>> atlas-probe.cc.biu.ac.il 132.70.248.150 spotted since
>>> 2016-06-30 23:58:54 till 2016-07-01 05:01:20
>>> Malicious activities found:
>>> Tinba infection
>>> related indication of compromise:
>>> Communication with CnC
>>> 192.112.36.4
>>> 192.203.230.10
>>> 192.228.79.201
>>> 192.33.4.12
>>> 192.36.148.17
>>> 193.0.14.129
>>> 198.41.0.4
>>> 198.97.190.53
>>> 199.7.83.42
>>> 199.7.91.13
>>> 202.12.27.33
>>
>> Should we be worried?
>>
>>
>> Thanks,
>>
>> Hank
>>