https://www.us-cert.gov/ncas/current-activity/2018/05/23/VPNFilter-Destruct…
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
All,
I need to ask you now...do any of you keep Netflow records?
If so, can you scan your records from 01JAN2016-31OCT2016 for:
proto TCP and dst net 44.xxx.xxx.xxx/xx and dst port 2000
As you go back in time, I think you'll find the origins of the IPs tell
a story different than the links above...especially before Shodan was
blocked on AMPR...
73,
- Lynwood
KB3VWG
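
The search requested above, as an added example that is not part of the original message: it applies the same filter (TCP, destination port 2000, 01JAN2016-31OCT2016) to flow records and tallies source addresses per month so their origins can be compared over time. The CSV layout, the sample records and the function names are constructed for illustration, and because the destination network is elided in the message, DST_NET is a documentation-range placeholder to replace with your own allocation.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Window and port come from the message. The destination network there is elided,
# so DST_NET is a placeholder (documentation range), not a real allocation.
START = datetime(2016, 1, 1)
END = datetime(2016, 11, 1)  # exclusive bound, so all of 31 Oct 2016 is included
DST_NET = ip_network("192.0.2.0/24")
DST_PORT = 2000

# Constructed sample records in an assumed CSV layout: start time, proto, src, dst, dst port.
SAMPLE = """ts,proto,src,dst,dport
2015-12-31 23:59:58,TCP,198.51.100.7,192.0.2.10,2000
2016-01-04 03:12:09,TCP,198.51.100.7,192.0.2.10,2000
2016-01-04 03:12:11,TCP,198.51.100.7,192.0.2.11,2000
2016-01-19 17:40:02,UDP,198.51.100.9,192.0.2.10,2000
2016-03-02 08:01:44,TCP,203.0.113.25,192.0.2.10,2000
2016-03-02 08:05:10,TCP,203.0.113.25,192.0.2.10,22
2016-10-31 23:59:59,TCP,203.0.113.80,192.0.2.200,2000
2016-10-31 22:00:00,TCP,203.0.113.80,198.51.100.1,2000
2016-11-01 00:00:00,TCP,203.0.113.81,192.0.2.10,2000
"""

def matching_flows(rows):
    """Yield (timestamp, source) for flows that satisfy the filter in the message."""
    for row in rows:
        ts = datetime.strptime(row["ts"], "%Y-%m-%d %H:%M:%S")
        if not (START <= ts < END):
            continue
        if row["proto"].upper() != "TCP" or int(row["dport"]) != DST_PORT:
            continue
        if ip_address(row["dst"]) not in DST_NET:
            continue
        yield ts, row["src"]

def sources_by_month(rows):
    """Map 'YYYY-MM' to {source IP: flow count} so sources can be compared over time."""
    months = defaultdict(lambda: defaultdict(int))
    for ts, src in matching_flows(rows):
        months[ts.strftime("%Y-%m")][src] += 1
    return {month: dict(counts) for month, counts in sorted(months.items())}

if __name__ == "__main__":
    for month, counts in sources_by_month(csv.DictReader(io.StringIO(SAMPLE))).items():
        print(month, counts)
```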