Tuesday, 19 May 2015

Example Threat: Naikon

Kaspersky recently released a detailed report on a group that has been tracked for some time as "Naikon" (https://securelist.com/analysis/publications/69953/the-naikon-apt/), which likely overlaps with the more recently described APT30 (https://blog.kaspersky.com/naikon-apt-south-china-sea/).

You can browse some of the infrastructure within ThreatCrowd below:


Example Threat: Cmstar

Palo Alto Networks recently published an article (http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-enfals-new-cousin/) detailing a downloader they name "Cmstar", which is used to download the well-known Enfal malware.

Below are links to browse some of this infrastructure within ThreatCrowd: