(1) Monitoring information on the domestic (Japan) impact of the latest Kelihos malware botnet
Monitoring period:
Wed Sep 11 02:18:18 JST 2013 to Thu Sep 12 13:06:48 JST 2013 (over 33 hours)
Number of infected IP addresses during the period above:
303
Number of malware callbacks (CNC download requests) during the period above:
22,488
In the current ranking by country, Japan is in second place for Kelihos malware infections:
$ cat geoip.txt|grep -i "| ua |"|wc -l --> 140265
$ cat geoip.txt|grep -i "| jp |"|wc -l --> 22488 ↑
$ cat geoip.txt|grep -i "| tw |"|wc -l --> 21116 ↓
$ cat geoip.txt|grep -i "| ru |"|wc -l --> 14827 ↓
$ cat geoip.txt|grep -i "| bg |"|wc -l --> 10202 ↓
$ cat geoip.txt|grep -i "| in |"|wc -l --> 7859 ↑
(2) Monitoring of infection evidence for the latest Kelihos malware
Malware download evidence monitoring period:
2013-09-12 13:28:05 to 2013-09-12 14:23:28 (about 1 hour)
Malware download evidence recorded during the period above:
31 items
(3) Evidence
The infection evidence for (1) and (2) above is published here in one place.
IP address information:
1.112.118.152 101.1.101.114 101.1.116.223 101.1.85.79 101.1.98.175 110.132.17.11 110.132.92.185 110.133.122.142 110.134.223.2 110.135.81.163 110.165.184.100 110.232.228.55 110.4.186.93 110.44.69.14 110.44.69.74 111.169.212.231 111.188.21.247 111.188.32.245 111.191.64.68 111.90.47.21 112.70.136.145 112.71.209.7 113.197.29.110 113.34.28.17 113.36.123.105 113.37.209.166 113.41.110.111 113.41.115.169 113.42.175.123 114.145.185.26 114.158.135.130 114.158.66.70 114.159.245.81 114.177.132.89 114.178.171.176 114.179.186.21 114.182.0.239 114.182.1.218 114.186.235.199 114.48.173.89 114.51.153.117 115.124.247.46 115.126.143.43 116.0.152.173 116.193.114.185 116.64.146.139 116.64.19.14 116.64.61.47 116.65.108.153 116.65.108.96 116.65.154.35 117.108.21.247 117.53.2.165 117.53.21.20 118.1.188.207 118.108.45.88 118.109.127.199 118.110.123.134 118.243.232.180 118.82.61.77 118.83.129.156 118.83.130.158 118.83.132.246 118.83.132.34 118.83.21.134 118.83.31.82 118.83.51.234 118.83.6.35 118.83.88.139 118.86.101.77 118.87.220.118 119.171.164.14 119.171.166.248 119.172.108.151 119.172.192.203 119.172.244.44 119.173.184.247 119.173.70.140 119.175.241.132 119.224.222.115 119.230.71.50 119.24.112.69 119.24.115.80 119.24.145.179 119.24.185.75 119.243.176.181 119.25.233.31 119.25.54.37 119.25.54.70 119.25.66.88 119.63.23.37 119.82.194.166 120.50.231.116 121.80.135.16 122.18.142.34 122.19.64.169 122.196.169.241 122.220.218.213 122.220.92.88 122.250.89.174 123.176.151.134 123.176.154.244 123.198.87.61 123.198.96.95 123.216.212.103 123.98.225.212 124.109.194.150 124.144.150.115 124.144.229.53 124.144.77.210 124.146.207.220 124.25.205.114 124.36.84.222 124.97.196.62 125.13.215.140 125.13.31.169 125.14.123.182 125.194.101.223 125.215.80.247 125.215.81.162 125.4.0.202 125.4.145.206 125.4.170.124 125.4.52.208 125.4.71.151 125.4.83.30 126.10.217.234 126.118.214.180 126.124.42.244 126.124.46.189 126.125.158.77 126.28.61.227 126.30.9.240 126.36.26.248 126.42.22.124 126.54.28.240 126.58.228.93 
126.80.157.34 126.80.159.181 126.90.85.25 153.131.123.213 153.131.40.254 153.162.22.120 153.166.238.81 153.179.200.30 153.180.231.65 153.185.27.142 175.177.71.131 175.184.1.175 175.184.1.41 175.184.1.75 175.28.21.237 180.0.105.139 180.0.37.234 180.12.151.6 180.18.229.155 180.199.219.21 180.2.202.198 180.221.160.55 180.221.227.24 180.221.245.220 180.221.248.217 180.233.97.129 180.235.49.202 180.35.209.179 180.40.234.184 180.47.245.159 180.49.208.63 180.61.13.159 182.166.237.32 182.166.237.74 182.166.241.223 182.166.242.129 182.169.194.188 182.23.252.246 183.72.112.114 183.72.146.247 183.72.61.95 183.72.67.117 183.73.57.47 183.73.72.227 202.125.56.173 202.163.182.78 202.172.84.241 202.231.191.31 202.57.226.178 202.58.149.67 202.58.159.140 202.8.211.14 203.165.107.223 203.165.56.135 203.170.34.90 203.170.37.40 203.170.43.65 203.202.195.159 210.128.43.48 210.131.36.219 210.131.67.218 210.171.89.79 210.194.110.215 210.79.195.43 211.120.134.173 211.121.127.97 211.124.122.17 211.124.183.6 211.124.58.145 211.125.153.177 211.135.64.199 211.135.67.118 211.14.245.46 218.125.172.11 218.216.209.77 218.216.211.99 218.216.244.79 218.220.103.110 218.220.146.219 218.220.204.67 218.220.241.16 218.220.248.83 218.220.35.159 218.221.57.80 218.223.210.107 218.223.23.39 218.227.40.159 219.101.29.174 219.105.109.48 219.105.188.238 219.106.176.133 219.109.253.33 219.110.130.123 219.110.155.103 219.110.231.191 219.112.156.194 219.115.70.107 219.115.71.102 219.115.73.150 219.115.91.169 219.122.24.106 219.124.208.99 219.162.30.30 219.167.47.66 219.29.85.91 220.1.4.30 220.104.218.167 220.152.77.20 220.20.197.40 220.208.104.30 220.210.129.1 220.220.180.48 220.247.69.48 220.47.232.11 220.6.8.34 221.121.224.138 221.17.12.18 221.188.211.138 223.219.39.173 27.116.2.229 27.126.125.20 27.127.150.70 27.140.38.86 27.140.40.254 27.141.21.141 27.231.96.161 42.127.176.134 42.144.74.6 42.145.160.33 42.147.51.98 42.148.107.25 42.148.129.162 42.148.7.50 42.83.8.126 42.83.8.31 49.250.139.223 49.251.49.144 
58.156.49.174 58.70.93.207 58.70.93.90 58.81.6.131 58.85.116.11 58.85.88.113 58.90.250.119 59.158.149.85 59.191.172.196 60.39.4.118 61.11.172.66 61.115.148.218 61.115.166.71 61.192.0.234 61.192.58.154 61.200.114.40 61.206.208.126 61.207.103.227 61.207.89.19 61.22.110.247 61.22.110.248 61.22.129.144 61.22.169.240 61.22.82.177 61.23.164.152 61.24.100.228 61.24.244.134 61.27.1.119 61.46.208.177
Infected IPs for which there is malware download evidence:
>>> 113.37.209.166
>>> 116.65.108.153
>>> 116.65.154.35
>>> 117.108.21.247
>>> 118.1.188.207
>>> 118.108.45.88
>>> 118.83.51.234
>>> 119.171.164.14
>>> 119.172.192.203
>>> 119.173.70.140
>>> 119.24.185.75
>>> 122.18.142.34
>>> 122.250.89.174
>>> 124.144.150.115
>>> 124.25.205.114
>>> 125.4.170.124
>>> 125.4.145.206
>>> 126.124.42.244
>>> 175.28.21.237
>>> 180.0.37.234
>>> 180.0.105.139
>>> 180.2.202.198
>>> 180.47.245.159
>>> 202.57.226.178
>>> 202.125.56.173
>>> 210.131.67.218
>>> 218.125.172.11
>>> 219.29.85.91
>>> 219.101.29.174
>>> 27.116.2.229
>>> 42.127.176.134
Kelihos (downloader trojan component) malware download evidence:
>>> 113.37.209.166
--2013-09-12 13:40:44-- hxxp://113.37.209.166/calc.exe
Connecting to 113.37.209.166:80... connected.
HTTP request sent, awaiting response... 200
Length: 724992 (708K) []
Saving to: 'calc.exe.3'
100%[ =========================>] 724,992 1.56MB/s in 0.4s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:40:49 (1.56 MB/s) - 'calc.exe.3' saved [724992/724992]
>>> 116.65.108.153
--2013-09-12 13:42:30-- hxxp://116.65.108.153/calc.exe
Connecting to 116.65.108.153:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.4'
100%[ =========================>] 724,992 234KB/s in 3.0s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:42:36 (234 KB/s) - 'calc.exe.4' saved [724992/724992]
>>> 116.65.154.35
--2013-09-12 13:28:05-- hxxp://116.65.154.35/calc.exe
Connecting to 116.65.154.35:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.1'
100%[ =========================>] 724,992 228KB/s in 3.1s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:28:09 (228 KB/s) - 'calc.exe.1' saved [724992/724992]
--2013-09-12 13:28:12-- (try: 2) hxxp://117.108.21.247/calc.exe
Connecting to 117.108.21.247:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.2'
100%[ =========================>] 724,992 2.07MB/s in 0.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:28:12 (2.07 MB/s) - 'calc.exe.2' saved [724992/724992]
>>> 117.108.21.247
--2013-09-12 13:42:46-- hxxp://117.108.21.247/calc.exe
Connecting to 117.108.21.247:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.5'
100%[ =========================>] 724,992 1.89MB/s in 0.4s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:42:47 (1.89 MB/s) - 'calc.exe.5' saved [724992/724992]
>>> 118.1.188.207
--2013-09-12 13:42:57-- hxxp://118.1.188.207/calc.exe
Connecting to 118.1.188.207:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.6'
100%[ =========================>] 724,992 2.18MB/s in 0.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:42:57 (2.18 MB/s) - 'calc.exe.6' saved [724992/724992]
>>> 118.108.45.88
--2013-09-12 13:42:57-- hxxp://118.108.45.88/calc.exe
Connecting to 118.108.45.88:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.7'
100%[ =========================>] 724,992 1.10MB/s in 0.6s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:42:58 (1.10 MB/s) - 'calc.exe.7' saved [724992/724992]
>>> 118.83.51.234
--2013-09-12 13:43:48-- hxxp://118.83.51.234/calc.exe
Connecting to 118.83.51.234:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.8'
100%[ =========================>] 724,992 112KB/s in 6.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:43:55 (112 KB/s) - 'calc.exe.8' saved [724992/724992]
>>> 119.171.164.14
--2013-09-12 13:44:15-- hxxp://119.171.164.14/calc.exe
Connecting to 119.171.164.14:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.9'
100%[ =========================>] 724,992 149KB/s in 4.7s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:44:19 (149 KB/s) - 'calc.exe.9' saved [724992/724992]
>>> 119.172.192.203
--2013-09-12 13:44:29-- hxxp://119.172.192.203/calc.exe
Connecting to 119.172.192.203:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.10'
100%[ =========================>] 724,992 233KB/s in 3.0s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:44:33 (233 KB/s) - 'calc.exe.10' saved [724992/724992]
>>> 119.173.70.140
--2013-09-12 13:44:43-- hxxp://119.173.70.140/calc.exe
Connecting to 119.173.70.140:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 21761 (21K) [text/html]
Saving to: 'calc.exe.11'
100%[ =========================>] 21,761 --.-K/s in 0.1s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:44:43 (144 KB/s) - 'calc.exe.11' saved [21761/21761]
>>> 119.24.185.75
--2013-09-12 13:45:08-- hxxp://119.24.185.75/calc.exe
Connecting to 119.24.185.75:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.12'
100%[ =========================>] 724,992 231KB/s in 3.1s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:45:12 (231 KB/s) - 'calc.exe.12' saved [724992/724992]
>>> 122.18.142.34
--2013-09-12 13:45:52-- hxxp://122.18.142.34/calc.exe
Connecting to 122.18.142.34:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.13'
100%[ =========================>] 724,992 2.18MB/s in 0.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:45:53 (2.18 MB/s) - 'calc.exe.13' saved [724992/724992]
>>> 122.250.89.174
--2013-09-12 13:46:13-- hxxp://122.250.89.174/calc.exe
Connecting to 122.250.89.174:80... connected.
HTTP request sent, awaiting response... 200
Length: 724992 (708K) []
Saving to: 'calc.exe.14'
100%[ =========================>] 724,992 113KB/s in 6.8s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:46:24 (104 KB/s) - 'calc.exe.14' saved [724992/724992]
>>> 124.144.150.115
--2013-09-12 13:46:59-- hxxp://124.144.150.115/calc.exe
Connecting to 124.144.150.115:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.15'
100%[ =========================>] 724,992 867KB/s in 0.8s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:47:00 (867 KB/s) - 'calc.exe.15' saved [724992/724992]
>>> 125.4.170.124
--2013-09-12 13:48:05-- hxxp://125.4.170.124/calc.exe
Connecting to 125.4.170.124:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.16'
100%[ =========================>] 724,992 872KB/s in 0.8s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:48:06 (872 KB/s) - 'calc.exe.16' saved [724992/724992]
>>> 126.124.42.244
--2013-09-12 13:48:31-- hxxp://126.124.42.244/calc.exe
Connecting to 126.124.42.244:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.17'
100%[ =========================>] 724,992 1.17MB/s in 0.6s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:48:32 (1.17 MB/s) - 'calc.exe.17' saved [724992/724992]
>>> 180.0.37.234
--2013-09-12 13:50:27-- hxxp://180.0.37.234/calc.exe
Connecting to 180.0.37.234:80... connected.
HTTP request sent, awaiting response... 200
Length: 724992 (708K) []
Saving to: 'calc.exe.18'
100%[ =========================>] 724,992 2.34MB/s in 0.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:50:32 (2.34 MB/s) - 'calc.exe.18' saved [724992/724992]
>>> 180.2.202.198
--2013-09-12 13:50:47-- hxxp://180.2.202.198/calc.exe
Connecting to 180.2.202.198:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.19'
100%[ =========================>] 724,992 2.24MB/s in 0.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:50:49 (2.24 MB/s) - 'calc.exe.19' saved [724992/724992]
>>> 180.47.245.159
--2013-09-12 13:51:29-- hxxp://180.47.245.159/calc.exe
Connecting to 180.47.245.159:80... connected.
HTTP request sent, awaiting response... 200
Length: 724992 (708K) []
Saving to: 'calc.exe.20'
100%[ =========================>] 724,992 2.41MB/s in 0.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:51:34 (2.41 MB/s) - 'calc.exe.20' saved [724992/724992]
>>> 202.57.226.178
--2013-09-12 13:52:50-- hxxp://202.57.226.178/calc.exe
Connecting to 202.57.226.178:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.21'
100%[ =========================>] 724,992 549KB/s in 1.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:52:51 (549 KB/s) - 'calc.exe.21' saved [724992/724992]
>>> 210.131.67.218
--2013-09-12 13:53:42-- hxxp://210.131.67.218/calc.exe
Connecting to 210.131.67.218:80... connected.
HTTP request sent, awaiting response... 200
Length: 724992 (708K) []
Saving to: 'calc.exe.22'
100%[ =========================>] 724,992 2.25MB/s in 0.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:53:47 (2.25 MB/s) - 'calc.exe.22' saved [724992/724992]
>>> 219.29.85.91
--2013-09-12 13:57:13-- hxxp://219.29.85.91/calc.exe
Connecting to 219.29.85.91:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.23'
100%[ =========================>] 724,992 33.8KB/s in 19s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:57:32 (37.5 KB/s) - 'calc.exe.23' saved [724992/724992]
>>> 42.127.176.134
--2013-09-12 13:59:17-- hxxp://42.127.176.134/calc.exe
Connecting to 42.127.176.134:80... connected.
HTTP request sent, awaiting response... 200
Length: 724992 (708K) []
Saving to: 'calc.exe.24'
100%[ =========================>] 724,992 2.12MB/s in 0.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:59:21 (2.12 MB/s) - 'calc.exe.24' saved [724992/724992]
>>> 124.25.205.114
--2013-09-12 14:11:55-- hxxp://124.25.205.114/calc.exe
Connecting to 124.25.205.114:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.35'
100%[ =========================>] 724,992 98.8KB/s in 7.6s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 14:12:03 (93.3 KB/s) - 'calc.exe.35' saved [724992/724992]
>>> 125.4.145.206
--2013-09-12 14:12:43-- hxxp://125.4.145.206/calc.exe
Connecting to 125.4.145.206:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.36'
100%[ =========================>] 724,992 156KB/s in 4.6s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 14:12:48 (154 KB/s) - 'calc.exe.36' saved [724992/724992]
>>> 122.18.142.34
--2013-09-12 14:10:33-- hxxp://122.18.142.34/calc.exe
Connecting to 122.18.142.34:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.33'
100%[ =========================>] 724,992 2.26MB/s in 0.3s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 14:10:33 (2.26 MB/s) - 'calc.exe.33' saved [724992/724992]
>>> 180.0.105.139
--2013-09-12 14:15:16-- hxxp://180.0.105.139/calc.exe
Connecting to 180.0.105.139:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.38'
100%[ =========================>] 724,992 1.43MB/s in 0.5s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 14:15:17 (1.43 MB/s) - 'calc.exe.38' saved [724992/724992]
>>> 175.28.21.237
--2013-09-12 14:15:09-- hxxp://175.28.21.237/calc.exe
Connecting to 175.28.21.237:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.37'
100%[ =========================>] 724,992 101KB/s in 7.0s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 14:15:16 (101 KB/s) - 'calc.exe.37' saved [724992/724992]
>>> 202.125.56.173
--2013-09-12 14:17:18-- hxxp://202.125.56.173/calc.exe
Connecting to 202.125.56.173:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.41'
100%[ =========================>] 724,992 21.2KB/s in 26s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 14:17:44 (27.5 KB/s) - 'calc.exe.41' saved [724992/724992]
>>> 218.125.172.11
--2013-09-12 14:19:42-- hxxp://218.125.172.11/calc.exe
Connecting to 218.125.172.11:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.44'
100%[ =========================>] 724,992 82.6KB/s in 8.2s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 14:19:50 (86.3 KB/s) - 'calc.exe.44' saved [724992/724992]
>>> 219.101.29.174
--2013-09-12 14:20:51-- hxxp://219.101.29.174/calc.exe
Connecting to 219.101.29.174:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.45'
100%[ =========================>] 724,992 112KB/s in 7.0s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 14:20:58 (102 KB/s) - 'calc.exe.45' saved [724992/724992]
>>> 27.116.2.229
--2013-09-12 14:23:28-- hxxp://27.116.2.229/calc.exe
Connecting to 27.116.2.229:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.46'
100%[ =========================>] 724,992 573KB/s in 1.2s
Last-modified header invalid -- time-stamp ignored.
2013-09-12 14:23:30 (573 KB/s) - 'calc.exe.46' saved [724992/724992]
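The download evidence above is raw wget output, and one entry (119.173.70.140) is a 21761-byte text/html page rather than the 724992-byte downloader, which would be miscounted if every saved calc.exe were taken as a confirmed payload. The Python below is an added example, not code from the original post or from the MalwareMustDie monitoring system: it parses wget output in the format shown above into one record per download attempt, flags attempts whose response is not the expected binary, and lists the hosts that actually served the full payload. SAMPLE_LOG is constructed here from a few of the entries above (URLs kept defanged as hxxp://); EXPECTED_LENGTH, the regular expressions and the function names are this example's own assumptions.

```python
# Added example (not the original post's code): parse wget download evidence
# in the format shown above and flag responses that are not the downloader.
import re

# Constructed sample in the post's format: a bare "200" with an empty type, the
# text/html page 119.173.70.140 returned, a normal download, and a "(try: 2)"
# retry line that has no ">>>" marker of its own.
SAMPLE_LOG = """\
>>> 113.37.209.166
--2013-09-12 13:40:44--  hxxp://113.37.209.166/calc.exe
Connecting to 113.37.209.166:80... connected.
HTTP request sent, awaiting response... 200
Length: 724992 (708K) []
Saving to: 'calc.exe.3'
Last-modified header invalid -- time-stamp ignored.
2013-09-12 13:40:49 (1.56 MB/s) - 'calc.exe.3' saved [724992/724992]
>>> 119.173.70.140
--2013-09-12 13:44:43--  hxxp://119.173.70.140/calc.exe
Connecting to 119.173.70.140:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 21761 (21K) [text/html]
Saving to: 'calc.exe.11'
2013-09-12 13:44:43 (144 KB/s) - 'calc.exe.11' saved [21761/21761]
>>> 122.18.142.34
--2013-09-12 13:45:52--  hxxp://122.18.142.34/calc.exe
Connecting to 122.18.142.34:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.13'
2013-09-12 13:45:53 (2.18 MB/s) - 'calc.exe.13' saved [724992/724992]
--2013-09-12 13:28:12-- (try: 2) hxxp://117.108.21.247/calc.exe
Connecting to 117.108.21.247:80... connected.
HTTP request sent, awaiting response... 200 Ok
Length: 724992 (708K) [application/octet-stream]
Saving to: 'calc.exe.2'
2013-09-12 13:28:12 (2.07 MB/s) - 'calc.exe.2' saved [724992/724992]
"""

EXPECTED_LENGTH = 724992  # downloader size in the post's evidence (assumed constant)

START_RE = re.compile(r"^--(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)--\s+(?:\(try: (\d+)\)\s+)?(\S+)$")
STATUS_RE = re.compile(r"awaiting response\.\.\. (\d{3})")
LENGTH_RE = re.compile(r"^Length: (\d+) \([^)]*\) \[([^\]]*)\]$")
SAVED_RE = re.compile(r"^(\S+ \S+) \([^)]*\) - '([^']+)' saved \[(\d+)/(\d+)\]$")


def parse_evidence(text):
    """One dict per download attempt. The host is taken from the request URL,
    so a retry block that has no '>>>' marker is still attributed correctly."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = START_RE.match(line)
        if m:
            started, attempt, url = m.groups()
            host = url.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
            cur = {"host": host, "url": url, "started": started, "finished": None,
                   "attempt": int(attempt) if attempt else 1, "status": None,
                   "length": None, "mime": "", "saved_as": None, "received": None}
            records.append(cur)
        elif cur is None:
            continue  # '>>>' markers or text before the first request line
        elif STATUS_RE.search(line):
            cur["status"] = int(STATUS_RE.search(line).group(1))
        elif LENGTH_RE.match(line):
            m = LENGTH_RE.match(line)
            cur["length"], cur["mime"] = int(m.group(1)), m.group(2)
        elif SAVED_RE.match(line):
            m = SAVED_RE.match(line)
            cur["finished"], cur["saved_as"] = m.group(1), m.group(2)
            cur["received"] = int(m.group(3))
    return records


def problem(r, expected_length=EXPECTED_LENGTH):
    """Reason this attempt did not yield the expected binary, or None if it did."""
    if r["status"] != 200:
        return "status %s" % r["status"]
    if r["length"] is None or r["received"] != r["length"]:
        return "incomplete %s/%s" % (r["received"], r["length"])
    if r["length"] != expected_length:
        return "length %d != %d (%s)" % (r["length"], expected_length, r["mime"] or "no content-type")
    return None


def anomalies(records, expected_length=EXPECTED_LENGTH):
    """(host, reason) for every attempt that must not count as payload evidence."""
    return [(r["host"], problem(r, expected_length)) for r in records if problem(r, expected_length)]


def payload_hosts(records, expected_length=EXPECTED_LENGTH):
    """Sorted unique hosts with at least one attempt that served the full payload."""
    return sorted({r["host"] for r in records if problem(r, expected_length) is None})
```

Running `anomalies(parse_evidence(SAMPLE_LOG))` reports only 119.173.70.140, with the reason that its 21761-byte text/html response does not match the 724992-byte downloader; `payload_hosts` then returns the three hosts that served the full binary. The check is on status, completeness and size rather than on the `Ok` token or the Content-Type, because the evidence above shows plain `200` responses with an empty type that still delivered the full 724992 bytes.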
Full list of Kelihos botnet callbacks:
The list of infected domestic IP information captured during the monitoring period has been compiled; the data is broken down by domestic network and ISP route, and the timestamp of each request from the infected PC is included, so with this data each ISP can look up which dial-up account IDs were infected. Sorry, but because the data is large it could only be prepared as a text-file download; access it here.
Is there a real-time infection monitoring system?
I built a monitoring system for domestic Kelihos malware infections, so anyone who wants to check their own network is welcome to access it. The access procedure is here → https://t.co/PY4yzOLckc + I attached a screenshot of the monitoring screen ↓ pic.twitter.com/7UsfsUZ23Q
— Hendrik ADRIAN (@unixfreaxjp) September 18, 2013
Since no one seems to want access, I am stopping the monitoring system for now.
For those who want to see the procedure, I will share it on Google Drive; please send a request.
Please note that it has now been moved to a different channel for security reasons.
Those who want to see the monitoring system, please contact me on Twitter.
Because careless use of the monitoring system could cause the Kelihos malware file to be downloaded and infect your PC, access to the system is opened only to security professionals or Incident Response team members.
For those who want to check the latest infection evidence, a regex search method is published on the urlquery site; access it here.
End of report.