The IP addresses of the infected machines inside Japan are listed below:

117.74.46.13|Japan|TDNC Community Network Center Inc.|AS9354
218.110.111.80|Japan|SO-NET So-net Entertainment Corporation|AS2527
111.67.162.60|Japan|HANSHIN ITEC HANKYU HANSHIN CO.,LTD.|AS7524
210.148.165.67|Japan|IIJ Internet Initiative Japan Inc.|AS2497
114.178.77.6|Japan|OCN NTT Communications Corporation|AS4713
61.27.199.31|Japan|ASN-ATHOMEJP|AS9824
123.216.163.119|Japan|OCN NTT Communications Corporation|AS4713
60.71.211.55|Japan|GIGAINFRA Softbank BB Corp.|AS17676
203.114.209.218|Japan|QTNET Kyushu Telecommunication Network Co.,Inc.|AS7679
106.169.115.234|Japan|KDDI KDDI CORPORATION|AS2516
114.48.16.144|Japan|EMOBILE eMobile Ltd.|AS37903
180.11.51.121|Japan|OCN NTT Communications Corporation|AS4713
219.121.156.187|Japan|TDNC Community Network Center Inc.|AS9354
116.65.108.115|Japan|ASN-ATHOMEJP|AS9824
58.89.126.241|Japan|OCN NTT Communications Corporation|AS4713
219.115.243.108|Japan|ZAQ KANSAI MULTIMEDIA SERVICE COMPANY|AS9617
116.83.151.87|Japan|INFOWEB FUJITSU LIMITED|AS2510
121.2.3.182|Japan|SO-NET So-net Entertainment Corporation|AS2527
125.4.35.24|Japan|ZAQ KANSAI MULTIMEDIA SERVICE COMPANY|AS9617
60.40.158.22|Japan|OCN NTT Communications Corporation|AS4713
58.0.83.121|Japan|INFOWEB FUJITSU LIMITED|AS2510
153.185.24.123|Japan|OCN NTT Communications Corporation|AS4713
180.61.12.209|Japan|OCN NTT Communications Corporation|AS4713
58.1.146.36|Japan|INFOWEB FUJITSU LIMITED|AS2510
112.139.167.48|Japan|TOKAI TOKAI Communications Corporation|AS10010
223.133.68.174|Japan|SO-NET So-net Entertainment Corporation|AS2527
61.200.114.40|Japan|TOKAI TOKAI Communications Corporation|AS10010
210.1.161.235|Japan|HANSHIN ITEC HANKYU HANSHIN CO.,LTD.|AS7524
119.171.13.230|Japan|ASN-ATHOMEJP|AS9824
110.133.156.104|Japan|ASN-ATHOMEJP|AS9824
219.103.108.90|Japan|CTS SOUTH TOKYO CABLETELEVISION|AS17957
183.72.151.211|Japan|MOPERA NTT DoCoMo, Inc.|AS9605
126.4.196.160|Japan|SOFTBANK BB Corp|AS17676

The "KELIHOS" malware is being spread from these hosts right now. Below is the wget evidence:
bash-3.2$ wget hxxp://117.74.46.13/rasta01.exe
--2013-08-08 15:31:10-- hxxp://117.74.46.13/rasta01.exe
Connecting to 117.74.46.13:80... connected.
HTTP request sent, awaiting response... 200
Length: 1221261 (1.2M) []
Saving to: ‘rasta01.exe.4’
100%[==============>] 1,221,261 371KB/s in 3.2s
2013-08-08 15:31:36 (371 KB/s) - ‘rasta01.exe.4’ saved [1221261/1221261]

bash-3.2$ wget hxxp://218.110.111.80/rasta01.exe
--2013-08-08 15:31:56-- hxxp://218.110.111.80/rasta01.exe
Connecting to 218.110.111.80:80... connected.
HTTP request sent, awaiting response... 200
Length: 1221261 (1.2M) []
Saving to: ‘rasta01.exe.5’
100%[==============>] 1,221,261 1.64MB/s in 0.7s
2013-08-08 15:32:02 (1.64 MB/s) - ‘rasta01.exe.5’ saved [1221261/1221261]

bash-3.2$ wget hxxp://111.67.162.60/rasta01.exe
--2013-08-08 15:32:22-- hxxp://111.67.162.60/rasta01.exe
Connecting to 111.67.162.60:80... connected.
HTTP request sent, awaiting response... 200
Length: 1221261 (1.2M) []
Saving to: ‘rasta01.exe.6’
100%[==============>] 1,221,261 443KB/s in 2.7s
2013-08-08 15:33:17 (443 KB/s) - ‘rasta01.exe.6’ saved [1221261/1221261]

bash-3.2$ wget hxxp://210.148.165.67/rasta01.exe
--2013-08-08 15:33:34-- hxxp://210.148.165.67/rasta01.exe
Connecting to 210.148.165.67:80... connected.
HTTP request sent, awaiting response... 200
Length: 1221261 (1.2M) []
Saving to: ‘rasta01.exe.7’
100%[==============>] 1,221,261 1.99MB/s in 0.6s
2013-08-08 15:33:42 (1.99 MB/s) - ‘rasta01.exe.7’ saved [1221261/1221261]

bash-3.2$ wget hxxp://114.178.77.6/rasta01.exe
--2013-08-08 15:33:58-- hxxp://114.178.77.6/rasta01.exe
Connecting to 114.178.77.6:80... connected.
HTTP request sent, awaiting response... 200
Length: 1221261 (1.2M) []
Saving to: ‘rasta01.exe.8’
100%[==============>] 1,221,261 1.05MB/s in 1.1s
2013-08-08 15:34:04 (1.05 MB/s) - ‘rasta01.exe.8’ saved [1221261/1221261]

And so on... The VirusTotal check results for each of these samples are as follows:
https://www.virustotal.com/en/file/faf6ad155cfd58fdda30cb668d019392c47843f7b471f652761749509fc709bd/analysis/1375944111/
https://www.virustotal.com/en/file/faf6ad155cfd58fdda30cb668d019392c47843f7b471f652761749509fc709bd/analysis/1375944139/
https://www.virustotal.com/en/file/faf6ad155cfd58fdda30cb668d019392c47843f7b471f652761749509fc709bd/analysis/1375944210/
https://www.virustotal.com/en/file/faf6ad155cfd58fdda30cb668d019392c47843f7b471f652761749509fc709bd/analysis/1375944170/
https://www.virustotal.com/en/file/faf6ad155cfd58fdda30cb668d019392c47843f7b471f652761749509fc709bd/analysis/1375944189/

And so on... Image snapshots:

And so on...
The detection rate is extremely low; the following is the evidence:

Download:

VirusTotal check result: 3/45, scanned as of today:
Please block these IPs, and clean up and block the infected machines, as a matter of urgency.
As of August 10, 2013, the number of machines infected with the KELIHOS malware has increased. The IP addresses are below:
211.125.111.42|i042.tr1.kct.ne.jp.|9622 | 211.125.96.0/19 | KCT | JP | KCT.NE.JP | KURASHIKI CABLE TV CORPORETION
219.115.71.102|zaqdb734766.zaq.ne.jp.|9617 | 219.115.64.0/19 | ZAQ | JP | JCOM.CO.JP | J:COM WEST CO. LTD.
61.22.169.240|61-22-169-240.rev.home.ne.jp.|9824 | 61.22.128.0/18 | ASN | JP | TECHNOLOGYNETWORKS.COM | TECHNOLOGY NETWORKS INC.
61.44.248.145|dhcp-ubr3-2615.csf.ne.jp.|18092 | 61.44.248.0/21 | CSF | JP | CSF.NE.JP | KYUSHU TELE COMMUNICATIONS COMPANY
221.17.12.18|softbank221017012018.bbtec.net.|17676 | 221.17.0.0/16 | GIGAINFRA | JP | SOFTBANKBB.CO.JP | JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP.
59.85.71.146|146.net059085071.t-com.ne.jp.|10010 | 59.85.64.0/18 | TOKAI | JP | TOKAI-COM.CO.JP | TOKAI COMMUNICATIONS CORPORATION
218.223.213.245|u245.d213223218.ctt.ne.jp.|7672 | 218.223.208.0/20 | FITWEB | JP | CTT.NE.JP | CABLE TELEVISION TOYAMA INCORPORETED
183.72.55.147|u555147.xgsfmg19.imtp.tachikawa.mopera.net.|9605 | 183.72.0.0/14 | MOPERA | JP | NTTDOCOMO.COM | NTT DOCOMO INC.
125.14.50.188|125-14-50-188.rev.home.ne.jp.|9824 | 125.14.0.0/17 | ASN | JP | TECHNOLOGYNETWORKS.COM | TECHNOLOGY NETWORKS INC.
125.215.84.143|cm-125-215-84-143.client.mcbnet.ne.jp.|7522 | 125.215.64.0/19 | STCN | JP | MCBNET.NE.JP | MITOYO CATV BROADCAST NETWORK
175.28.20.26|host-175-28-20-26.mctv.ne.jp.|10019 | 175.28.16.0/20 | MCTV | JP | MCTV.NE.JP | MATSUSAKA CATV STATION CO. LTD.
61.24.56.185|61-24-56-185.rev.home.ne.jp.|9824 | 61.24.0.0/17 | ASN | JP | TECHNOLOGYNETWORKS.COM | TECHNOLOGY NETWORKS INC.
61.22.2.169|61-22-2-169.rev.home.ne.jp.|9824 | 61.22.0.0/18 | ASN | JP | TECHNOLOGYNETWORKS.COM | TECHNOLOGY NETWORKS INC.
110.132.92.185|110-132-92-185.rev.home.ne.jp.|9824 | 110.132.0.0/16 | ASN | JP | TECHNOLOGYNETWORKS.COM | TECHNOLOGY NETWORKS INC.
1.66.111.85|u611085.xgsnff2.imtp.tachikawa.mopera.net.|9605 | 1.66.0.0/15 | MOPERA | JP | NTTDOCOMO.COM | NTT DOCOMO INC.
218.220.217.228|zaqdadcd9e4.zaq.ne.jp.|9617 | 218.220.192.0/19 | ZAQ | JP | JCOM.CO.JP | J:COM WEST CO. LTD.
114.51.25.114|em114-51-25-114.pool.e-mobile.ne.jp.|37903 | 114.51.0.0/19 | EMOBILE | JP | EACCESS.NET | EACCESS LTD.
115.162.90.246|p73a25af6.sitmnt01.ap.so-net.ne.jp.|2527 | 115.162.0.0/15 | SO | JP | SO-NET.NE.JP | SO-NET SERVICE
124.47.247.163|163.net124047247.t-com.ne.jp.|10010 | 124.47.192.0/18 | TOKAI | JP | TOKAI-COM.CO.JP | TOKAI COMMUNICATIONS CORPORATION
126.90.89.164|softbank126090089164.bbtec.net.|17676 | 126.90.0.0/16 | GIGAINFRA | JP | SOFTBANKBB.CO.JP | JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP.
183.72.147.69|u647069.xgsfmg23.imtp.tachikawa.mopera.net.|9605 | 183.72.0.0/14 | MOPERA | JP | NTTDOCOMO.COM | NTT DOCOMO INC.
210.1.161.235|baid201a1eb.bai.ne.jp.|7524 | 210.1.160.0/19 | HANSHIN | JP | ITEC.HANKYU-HANSHIN.CO.JP | ITEC HANSHIN CO. LTD.
210.194.74.48|210-194-74-48.rev.home.ne.jp.|9824 | 210.194.0.0/17 | ASN | JP | HOME.NE.JP | @NETHOME
211.135.175.97|FL1-211-135-175-97.kyt.mesh.ad.jp.|2518 | 211.135.128.0/17 | BIGLOBE | JP | BIGLOBE.NE.JP | NEC BIGLOBE LTD.
218.41.159.87|pda299f57.aicint01.ap.so-net.ne.jp.|2527 | 218.41.0.0/16 | SO | JP | SO-NET.NE.JP | SO-NET SERVICE
223.219.38.66|i223-219-38-66.s41.a013.ap.plala.or.jp.|4713 | 223.216.0.0/14 | OCN | JP | PLALA.OR.JP | NTT PLALA INC.
58.156.49.174|58x156x49x174.ap58.ftth.ucom.ne.jp.|17506 | 58.156.0.0/15 | UCOM | JP | FTTX.CO.JP | UCOM CORPORATION
61.205.34.100|100.34.205.61.west.flets.crust-r.net.|9371 | 61.205.32.0/19 | SAKURA | JP | CRUST.CO.JP | CRUST CO. LTD.
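The two infected-host lists in this alert use two different pipe-delimited layouts (the August 8 list is ip|country|org|ASnnnn, the August 10 list is ip|rdns|asn | prefix | name | cc | domain | org). As an added example that is not part of the original alert, the Python below parses both layouts into one record shape, groups the hosts by ASN so that each provider can be notified about its own customers, and emits per-host firewall rules for the block request above. The sample lines are copied from the lists on this page plus one deliberately malformed line; the prefix-consistency check, the record field names and the iptables rule shape are my own choices, not anything the alert specifies.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines taken from the two lists on this page, plus one junk line
# that must be rejected rather than crash the parser.
SAMPLE = """\
117.74.46.13|Japan|TDNC Community Network Center Inc.|AS9354
114.178.77.6|Japan|OCN NTT Communications Corporation|AS4713
180.11.51.121|Japan|OCN NTT Communications Corporation|AS4713
211.125.111.42|i042.tr1.kct.ne.jp.|9622 | 211.125.96.0/19 | KCT | JP | KCT.NE.JP | KURASHIKI CABLE TV CORPORETION
223.219.38.66|i223-219-38-66.s41.a013.ap.plala.or.jp.|4713 | 223.216.0.0/14 | OCN | JP | PLALA.OR.JP | NTT PLALA INC.
this is not an ioc line
"""

# Accepts "AS4713" (first list) as well as bare "4713" (second list).
ASN_RE = re.compile(r"^(?:AS)?(\d+)$", re.IGNORECASE)


def parse_line(line):
    """Parse one IoC line in either layout.

    Returns {'ip', 'asn', 'org', 'prefix'} (prefix is None for the 4-field layout),
    or None when the line does not match either layout or is internally inconsistent.
    """
    fields = [f.strip() for f in line.split("|")]
    if len(fields) not in (4, 8):
        return None
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    if len(fields) == 4:
        m = ASN_RE.match(fields[3])
        if not m:
            return None
        return {"ip": str(ip), "asn": int(m.group(1)), "org": fields[2], "prefix": None}
    m = ASN_RE.match(fields[2])
    if not m:
        return None
    try:
        prefix = ipaddress.ip_network(fields[3], strict=False)
    except ValueError:
        return None
    # The announced prefix must actually contain the host; if it does not, the
    # record was mangled (e.g. columns shifted) and should not reach a blocklist.
    if ip not in prefix:
        return None
    return {"ip": str(ip), "asn": int(m.group(1)), "org": fields[7], "prefix": str(prefix)}


def parse_listing(text):
    """Parse a whole listing, silently skipping blank and unparseable lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
    return records


def group_by_asn(records):
    """Map ASN -> sorted, de-duplicated list of infected IPs (one abuse report per provider)."""
    groups = defaultdict(set)
    for r in records:
        groups[r["asn"]].add(r["ip"])
    return {asn: sorted(ips, key=ipaddress.ip_address) for asn, ips in groups.items()}


def blocklist_rules(records):
    """Emit iptables rules per host, in both directions.

    Rules are /32 on purpose: the prefixes in the listing are ISP-wide and blocking
    them would cut off every legitimate customer of that provider.
    """
    seen = set()
    rules = []
    for r in records:
        if r["ip"] in seen:
            continue
        seen.add(r["ip"])
        rules.append(f"iptables -A INPUT -s {r['ip']}/32 -j DROP")
        rules.append(f"iptables -A OUTPUT -d {r['ip']}/32 -j DROP")
    return rules


if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    for asn, ips in sorted(group_by_asn(recs).items()):
        print(f"AS{asn}: {', '.join(ips)}")
    print("\n".join(blocklist_rules(recs)))
```

Run it on the full lists from this page by pasting them into SAMPLE (or reading a file); the per-ASN grouping is what you send to each provider's abuse contact, and the rule output is what goes on the perimeter.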
End of emergency alert.