FYI...
Evil network: 199.195.196.176/29...
- http://blog.dynamoo.com/2016/01/evil...629-roman.html
4 Jan 2016 - "199.195.196.176/29 is a small bunch of IPs hosting browser-hijacker sites, belonging to Hosting Services, Inc. in Utah and suballocated to a customer. Several domains are flagged by Google as leading to PUAs or malware [1] [2] [3] [4] [5] [6], and almost all those domains also have anonymous registrations... Blocking 199.195.196.176/29 or monitoring traffic to it might detect infected hosts, that appear to have a bunch of per-install crapware and other stuff installed."
(More detail at the dynamoo URL above.)
1] https://www.google.com/transparencyr...downloader.biz
2] https://www.google.com/transparencyr...mile-files.com
3] https://www.google.com/transparencyr...ress-files.com
4] https://www.google.com/transparencyr...downloader.com
5] https://www.google.com/transparencyr...wn4loading.net
6] https://www.google.com/transparencyr...downloader.net
> http://centralops.net/co/DomainDossier.aspx
network:Network-Name:Dedicated Server
network:IP-Network:199.195.196.176/29
network:IP-Network-Block:199.195.196.176 - 199.195.196.183
network:Org-Name:Alyabiev, Roman
network:Street-Address:pr. Molodeznoi 7 kv. 101
network:City:Kemerovo
network:State:
network:Postal-Code:650044
network:Country-Code:RU ...
___
Ransom32: The first javascript ransomware
- https://isc.sans.edu/diary.html?storyid=20569
2016-01-04 - "... new variant and this one has been built using javascript. This malware -fakes- the NW.js framework. Once installed, connects to its C&C server on TOR network port 85 to get the bitcoin address and the crypto key used for encryption. This trend is not new and we have seen how malware is being built more and more sophisticated to avoid being detected by any antimalware control at the endpoint. You have to integrate endpoint security with network security and correlate any possible alerts that might indicate an incident happening, like a computer being connected to TOR network."
More info at: http://blog.emsisoft.com/2016/01/01/...pt-ransomware/