Russian Anal Probing + Malware
Randy Bush
randy at psg.com
Sun Jun 23 21:23:01 UTC 2019
>> It's just a port/vulnerability scanner, I really don't see anything
>> special about this particular case.
>
> they are pushing exploits. trying to RCE, wget a binary, chmod 777 on
> routers and rm -rf files.
>
> this goes way beyond scanner and into criminal trespass and
> destruction of property.
>
> https://twitter.com/JayTHL/status/1128700101675954176
having trouble following the attribution. yes, of course there are folk
trying to exploit. but missing the link that *these* folk are.
e.g. i am aware of researchers scanning to see patching spread and
trying to make a conext paper dreadline this week or infocom next month.
hard to tell the sheep from the goats and the wolf from the sheep. i
get the appended. sheep or wholf? i sure do not claim to be smart
enough to know. but i sure am glad others are </snark>.
randy
---
Jun 20 18:53:23 winnti-scanner-victims-will-be-notified.threatsinkhole.com ÃVDz/·
Jun 20 18:53:23 ran rsyslogd: imtcp imtcp: Framing Error in received TCP message from peer: (hostname) winnti-scanner-victims-will-be-notified.threatsinkhole.com, (ip) winnti-scanner-victims-will-be-notified.threatsinkhole.com: delimiter is not SP but has ASCII value -51. [v8.32.0]
Jun 20 18:53:55 winnti-scanner-victims-will-be-notified.threatsinkhole.com ÀtCâ #000F#000#000#000#000#000ºÁ«#000#000#000#000#001#004F#000#000#000#003#010»=)²#027Ä$íª#000#000#000#000#000++#000#000#000#000(#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#001#001#000#000#000#000#026#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#004#000#000#000#000#000#000#000#000#000#004#000#000#000#000
More information about the NANOG
mailing list