Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Historical OSINT - An Analysis of the South Korean/U.S DDoS Attacks Circa 2009

Friday, July 09, 2021

Historical OSINT - An Analysis of the South Korean/U.S DDoS Attacks Circa 2009

During the last couple of days, I was getting harder to resist not publishing some of literally moronic commentary on the DDos attacks, thankfully not made

by people I know in person or virtually. From the "we know they did it but we don't have data to prove it", to the very latest and most disturbing commment

by a U.S intelligence

Why disturbing? Because that's exactly what the person -- controversial to the common wisdom you don't need a team to launch this old school amateur-ish http

request flooder --

Key summary points:

- if such a small botnet with such a noisy and amateur-ish request flooder can shutdown the U.S FCC for days, I wonder what would have happened to the rest

of the sites in the target list if the size of the botnet and sophistication of DDoS techniques improved

Let me continue in this line of thought - or they secretly brainwash the Teletubies and infiltirate he hearts and minds of children across the globe, a future

generation of pro-North Korean youngerts. Or they could secretly become a Russian Business Network franchise, now try sending an abuse notice to the non-existent

North Korean ISPs. They could,

The Web is abuzz with news reports regarding the ongoing DDoS (distributed denial of service attack)

The attacks which originally took off in the 4th of July weekend, target 26 Sourth Korean and American government sites and financial institutions.

The W32.Dozer comes in the form of an email attachment

Upon execution the trojan attempts to download the list of targets from three apparently compromised servers based in Germany, the U.S and Austria.

213.23.243.210 - Mannesmann Arcor Telecommunications AG & Co

216.199.83.203 - FDN.com

213.33.116.41 - Telekom Austria Aktiengesellschaft

75.151.32.182

92.63.2.118

75.151.32.182

202.14.70.116

201.116.58.131

200.6.218.194

163.19.209.22

122.155.5.196

newrozfm.com

text string “get/China/DNS

The word china within the malware code, the

http://www.virustotal.com/analisis/7dee2bd4e317d12c9a2923d0531526822cfd37eabfd7aecc74258bb4f2d3a643-1247001891

http://www.virustotal.com/analisis/1d1814e2096d0ec88bde0c0c5122f1d07d10ca743ec5d1a3c94a227d288f05a7-1246990042

http://www.virustotal.com/analisis/7c6c89b7a7c31bcb492a581dfb6c52d09dffca9107b8fd25991c708a0069625f-1246990249

http://www.virustotal.com/analisis/f9feee6ebbc3dc0d35eea8bf00fc96cf075d59588621b0132b423a4bbf4427d4-1247006555

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Friday, July 09, 2021

Historical OSINT - An Analysis of the South Korean/U.S DDoS Attacks Circa 2009

No comments:

Post a Comment