Re: [mailop] CutWail infections growing again, all China based..

Michael Peddemors via mailop Wed, 22 Jul 2020 07:46:25 -0700

On 2020-07-21 9:15 a.m., Bill Cole via mailop wrote:

On 19 Jul 2020, at 22:38, Chris via mailop wrote:
It is particularly bizarre that it infests one ISP like this. I'mwondering if someone managed to force the infection to do IPreallocations frequently to IP-hop. Cutwail normally has thousands ofinfected IPs per campaign spread across ISPs.
I have noticed something Cutwail-like (fast-talking starting with bogusHELO name (e.g. ymlf-pc) ) clustering in single-ISP ranges, as if itspread via probing nearby IPs with whatever its infection vector is. No2020 cases of that which I've noticed, but there's been a generaldecline in the phylum of fast-talkers from my vantage points this year.

If someone wants to play around with these reports, and if this threadis interesting, probably should take it to the SDLU mailing list, orsomething similar.. was just interesting that it is contained to onenetwork, and that the increase started about the same time as the emotetstarted back up again.. Last 24 hours new reports.. (Simple Cutwail) atbottom.

The more sophisticated version still out there, but not increasingmuch.. be nice to see take downs of these.


156.96.56.48    x2      
190.146.128.23  x2      static-ip-19014612823.cable.net.co
92.46.239.2     x5      zinc.kz

 ...

Simpler CutWail version..

1.193.228.202   x1      NXDOMAIN
1.193.228.232   x1      NXDOMAIN
1.194.72.79     x1      
1.194.90.163    x1      
1.195.126.94    x1      NXDOMAIN
1.197.73.196    x1      
1.197.89.104    x1      
1.197.89.175    x1      
1.197.95.21     x1      
103.151.124.79  x1      NXDOMAIN
106.42.60.203   x1      
110.166.211.42  x2      NXDOMAIN
110.190.16.232  x1      NXDOMAIN
111.225.152.172 x1      NXDOMAIN
111.225.153.151 x1      NXDOMAIN
111.225.153.175 x1      NXDOMAIN
111.227.162.29  x1      
111.227.229.182 x2      
111.75.154.57   x1      
111.75.228.29   x1      
111.77.114.81   x1      NXDOMAIN
111.77.190.126  x1      NXDOMAIN
112.171.192.98  x12     NXDOMAIN
113.123.119.101 x1      NXDOMAIN
113.124.87.103  x1      NXDOMAIN
113.228.103.112 x1      NXDOMAIN
113.228.103.236 x1      NXDOMAIN
113.228.107.242 x1      NXDOMAIN
113.231.82.221  x1      NXDOMAIN
113.231.83.195  x1      NXDOMAIN
113.236.92.80   x1      NXDOMAIN
113.238.104.144 x1      NXDOMAIN
114.100.133.172 x1      NXDOMAIN
114.102.28.36   x1      NXDOMAIN
114.104.210.207 x1      NXDOMAIN
114.104.235.147 x1      NXDOMAIN
114.236.21.4    x1      NXDOMAIN
114.236.22.94   x1      NXDOMAIN
114.239.149.97  x1      NXDOMAIN
114.239.172.138 x1      NXDOMAIN
114.96.37.36    x1      NXDOMAIN
114.98.162.229  x1      NXDOMAIN
114.99.221.171  x1      NXDOMAIN
115.196.66.54   x1      NXDOMAIN
115.201.84.22   x1      NXDOMAIN
115.201.88.191  x1      NXDOMAIN
115.201.88.9    x1      NXDOMAIN
115.211.125.159 x1      NXDOMAIN
115.211.125.179 x1      NXDOMAIN
115.211.52.200  x2      NXDOMAIN
115.211.55.44   x1      NXDOMAIN
115.211.61.126  x1      NXDOMAIN
115.220.130.9   x1      NXDOMAIN
115.229.16.191  x2      NXDOMAIN
115.230.51.77   x1      NXDOMAIN
116.209.138.13  x1      NXDOMAIN
116.209.142.111 x1      NXDOMAIN
116.3.98.171    x1      
117.26.40.37    x1      37.40.26.117.broad.qz.fj.dynamic.163data.com.cn
117.66.44.77    x1      NXDOMAIN
117.66.47.117   x1      NXDOMAIN
117.69.186.116  x1      NXDOMAIN
117.69.187.146  x1      NXDOMAIN
117.82.254.53   x1      NXDOMAIN
118.117.90.133  x1      NXDOMAIN
118.117.90.216  x1      NXDOMAIN
118.118.9.7     x1      NXDOMAIN
118.213.229.138 x1      NXDOMAIN
119.113.195.247 x1      NXDOMAIN
119.54.0.197    x2      197.0.54.119.adsl-pool.jlccptt.net.cn
119.54.11.229   x1      229.11.54.119.adsl-pool.jlccptt.net.cn
119.54.12.170   x1      170.12.54.119.adsl-pool.jlccptt.net.cn
119.54.14.23    x1      23.14.54.119.adsl-pool.jlccptt.net.cn
119.54.15.220   x1      220.15.54.119.adsl-pool.jlccptt.net.cn
119.54.16.228   x3      228.16.54.119.adsl-pool.jlccptt.net.cn
119.54.21.228   x2      228.21.54.119.adsl-pool.jlccptt.net.cn
119.54.24.116   x1      116.24.54.119.adsl-pool.jlccptt.net.cn
119.54.26.6     x1      6.26.54.119.adsl-pool.jlccptt.net.cn
119.54.29.167   x1      167.29.54.119.adsl-pool.jlccptt.net.cn
119.54.29.244   x1      244.29.54.119.adsl-pool.jlccptt.net.cn
119.54.31.177   x1      177.31.54.119.adsl-pool.jlccptt.net.cn
119.54.31.223   x1      223.31.54.119.adsl-pool.jlccptt.net.cn
119.54.34.221   x1      221.34.54.119.adsl-pool.jlccptt.net.cn
119.54.34.31    x1      31.34.54.119.adsl-pool.jlccptt.net.cn
119.54.35.21    x2      21.35.54.119.adsl-pool.jlccptt.net.cn
119.54.35.79    x2      79.35.54.119.adsl-pool.jlccptt.net.cn
119.54.36.152   x1      152.36.54.119.adsl-pool.jlccptt.net.cn
119.54.36.159   x2      159.36.54.119.adsl-pool.jlccptt.net.cn
119.54.4.155    x1      155.4.54.119.adsl-pool.jlccptt.net.cn
119.54.43.164   x1      164.43.54.119.adsl-pool.jlccptt.net.cn
119.54.43.182   x2      182.43.54.119.adsl-pool.jlccptt.net.cn
119.54.45.57    x1      57.45.54.119.adsl-pool.jlccptt.net.cn
119.54.46.128   x1      128.46.54.119.adsl-pool.jlccptt.net.cn
119.54.9.2      x1      2.9.54.119.adsl-pool.jlccptt.net.cn
119.55.137.195  x1      195.137.55.119.adsl-pool.jlccptt.net.cn
119.55.224.231  x1      231.224.55.119.adsl-pool.jlccptt.net.cn
119.55.253.191  x1      191.253.55.119.adsl-pool.jlccptt.net.cn
119.55.254.229  x1      229.254.55.119.adsl-pool.jlccptt.net.cn
119.55.255.131  x1      131.255.55.119.adsl-pool.jlccptt.net.cn
119.55.255.212  x1      212.255.55.119.adsl-pool.jlccptt.net.cn
121.226.4.250   x1      NXDOMAIN
122.140.114.173 x1      173.114.140.122.adsl-pool.jlccptt.net.cn
122.140.115.36  x1      36.115.140.122.adsl-pool.jlccptt.net.cn
122.140.68.106  x1      106.68.140.122.adsl-pool.jlccptt.net.cn
122.140.70.239  x1      239.70.140.122.adsl-pool.jlccptt.net.cn
122.140.71.180  x1      180.71.140.122.adsl-pool.jlccptt.net.cn
122.140.80.87   x1      87.80.140.122.adsl-pool.jlccptt.net.cn
122.141.156.201 x1      201.156.141.122.adsl-pool.jlccptt.net.cn
122.143.204.82  x1      82.204.143.122.adsl-pool.jlccptt.net.cn
122.143.219.85  x1      85.219.143.122.adsl-pool.jlccptt.net.cn
122.143.225.199 x1      199.225.143.122.adsl-pool.jlccptt.net.cn
122.143.225.219 x2      219.225.143.122.adsl-pool.jlccptt.net.cn
122.143.226.227 x1      227.226.143.122.adsl-pool.jlccptt.net.cn
122.143.226.69  x1      69.226.143.122.adsl-pool.jlccptt.net.cn
122.241.26.27   x1      NXDOMAIN
123.169.34.4    x1      NXDOMAIN
123.189.141.117 x1      NXDOMAIN
123.189.147.64  x1      NXDOMAIN
124.112.104.247 x1      NXDOMAIN
125.121.143.184 x1      NXDOMAIN
125.87.86.16    x1      NXDOMAIN
139.209.227.42  x1      42.227.209.139.adsl-pool.jlccptt.net.cn
139.211.108.246 x1      246.108.211.139.adsl-pool.jlccptt.net.cn
139.213.4.156   x1      156.4.213.139.adsl-pool.jlccptt.net.cn
139.213.9.66    x1      66.9.213.139.adsl-pool.jlccptt.net.cn
144.0.80.251    x1      
144.0.98.233    x1      
144.255.251.118 x2      
156.96.151.234  x1      
165.231.148.144 x1      NXDOMAIN
171.12.115.232  x1      
171.12.132.160  x1      
171.13.18.68    x1      
171.15.150.26   x2      
171.44.211.216  x1      NXDOMAIN
171.44.229.153  x1      NXDOMAIN
171.44.231.80   x1      NXDOMAIN
171.94.18.160   x1      NXDOMAIN
171.94.18.234   x1      NXDOMAIN
171.94.19.178   x1      NXDOMAIN
171.94.19.215   x1      NXDOMAIN
171.95.16.110   x1      NXDOMAIN
171.95.24.82    x1      NXDOMAIN
173.254.192.196 x1      173.254.192.196.static.quadranet.com
175.18.101.207  x1      207.101.18.175.adsl-pool.jlccptt.net.cn
175.18.91.190   x1      190.91.18.175.adsl-pool.jlccptt.net.cn
175.18.92.142   x1      142.92.18.175.adsl-pool.jlccptt.net.cn
175.18.95.158   x1      158.95.18.175.adsl-pool.jlccptt.net.cn
175.18.98.189   x2      189.98.18.175.adsl-pool.jlccptt.net.cn
175.21.65.119   x1      119.65.21.175.adsl-pool.jlccptt.net.cn
175.21.66.78    x1      78.66.21.175.adsl-pool.jlccptt.net.cn
175.21.67.133   x1      133.67.21.175.adsl-pool.jlccptt.net.cn
175.21.67.74    x1      74.67.21.175.adsl-pool.jlccptt.net.cn
175.21.67.8     x2      8.67.21.175.adsl-pool.jlccptt.net.cn
175.21.73.166   x1      166.73.21.175.adsl-pool.jlccptt.net.cn
175.23.200.19   x2      19.200.23.175.adsl-pool.jlccptt.net.cn
175.23.202.182  x1      182.202.23.175.adsl-pool.jlccptt.net.cn
175.23.203.153  x1      153.203.23.175.adsl-pool.jlccptt.net.cn
175.23.203.177  x1      177.203.23.175.adsl-pool.jlccptt.net.cn
175.23.204.249  x1      249.204.23.175.adsl-pool.jlccptt.net.cn
175.23.209.249  x1      249.209.23.175.adsl-pool.jlccptt.net.cn
175.23.217.161  x1      161.217.23.175.adsl-pool.jlccptt.net.cn
175.23.217.165  x1      165.217.23.175.adsl-pool.jlccptt.net.cn
175.23.217.211  x1      211.217.23.175.adsl-pool.jlccptt.net.cn
175.23.217.96   x1      96.217.23.175.adsl-pool.jlccptt.net.cn
175.23.217.99   x1      99.217.23.175.adsl-pool.jlccptt.net.cn
175.23.218.100  x1      100.218.23.175.adsl-pool.jlccptt.net.cn
175.23.218.87   x1      87.218.23.175.adsl-pool.jlccptt.net.cn
175.23.236.45   x1      45.236.23.175.adsl-pool.jlccptt.net.cn
180.126.66.155  x1      NXDOMAIN
182.101.240.190 x1      NXDOMAIN
182.105.5.117   x1      NXDOMAIN
182.131.93.172  x1      NXDOMAIN
182.145.13.61   x1      NXDOMAIN
182.145.15.129  x1      NXDOMAIN
182.34.147.178  x1      NXDOMAIN
182.34.17.167   x1      NXDOMAIN
182.34.204.64   x1      NXDOMAIN
182.38.201.39   x1      NXDOMAIN
182.38.202.10   x1      NXDOMAIN
182.47.86.241   x1      NXDOMAIN
182.99.204.199  x1      NXDOMAIN
183.129.88.136  x2      NXDOMAIN
183.151.250.78  x1      NXDOMAIN
183.151.250.90  x1      NXDOMAIN
183.151.255.239 x1      NXDOMAIN
183.155.230.80  x1      NXDOMAIN
183.162.198.238 x2      NXDOMAIN
183.163.208.54  x1      NXDOMAIN
183.166.164.146 x1      NXDOMAIN
183.166.164.40  x1      NXDOMAIN
183.7.10.168    x1      NXDOMAIN
183.7.18.225    x1      NXDOMAIN
183.7.88.123    x1      NXDOMAIN
218.62.126.220  x1      220.126.62.218.adsl-pool.jlccptt.net.cn
218.62.126.43   x1      43.126.62.218.adsl-pool.jlccptt.net.cn
218.85.249.126  x1      NXDOMAIN
220.201.84.166  x1      
221.8.243.176   x1      176.243.8.221.adsl-pool.jlccptt.net.cn
221.8.243.251   x1      251.243.8.221.adsl-pool.jlccptt.net.cn
221.9.130.136   x1      136.130.9.221.adsl-pool.jlccptt.net.cn
221.9.130.167   x1      167.130.9.221.adsl-pool.jlccptt.net.cn
221.9.131.247   x1      247.131.9.221.adsl-pool.jlccptt.net.cn
221.9.131.249   x1      249.131.9.221.adsl-pool.jlccptt.net.cn
221.9.131.31    x1      31.131.9.221.adsl-pool.jlccptt.net.cn
221.9.134.109   x1      109.134.9.221.adsl-pool.jlccptt.net.cn
221.9.149.101   x1      101.149.9.221.adsl-pool.jlccptt.net.cn
221.9.150.154   x2      154.150.9.221.adsl-pool.jlccptt.net.cn
221.9.154.225   x1      225.154.9.221.adsl-pool.jlccptt.net.cn
221.9.156.12    x1      12.156.9.221.adsl-pool.jlccptt.net.cn
221.9.156.174   x1      174.156.9.221.adsl-pool.jlccptt.net.cn
221.9.156.248   x1      248.156.9.221.adsl-pool.jlccptt.net.cn
221.9.157.225   x1      225.157.9.221.adsl-pool.jlccptt.net.cn
221.9.158.191   x1      191.158.9.221.adsl-pool.jlccptt.net.cn
221.9.159.14    x1      14.159.9.221.adsl-pool.jlccptt.net.cn
222.161.117.92  x1      92.117.161.222.adsl-pool.jlccptt.net.cn
222.161.118.124 x1      124.118.161.222.adsl-pool.jlccptt.net.cn
222.161.118.136 x1      136.118.161.222.adsl-pool.jlccptt.net.cn
222.161.119.107 x1      107.119.161.222.adsl-pool.jlccptt.net.cn
222.161.119.206 x1      206.119.161.222.adsl-pool.jlccptt.net.cn
222.162.11.237  x1      237.11.162.222.adsl-pool.jlccptt.net.cn
222.162.11.90   x2      90.11.162.222.adsl-pool.jlccptt.net.cn
222.162.36.165  x1      165.36.162.222.adsl-pool.jlccptt.net.cn
222.162.36.8    x2      8.36.162.222.adsl-pool.jlccptt.net.cn
222.162.43.199  x1      199.43.162.222.adsl-pool.jlccptt.net.cn
222.162.44.79   x1      79.44.162.222.adsl-pool.jlccptt.net.cn
222.162.46.207  x1      207.46.162.222.adsl-pool.jlccptt.net.cn
222.162.46.90   x1      90.46.162.222.adsl-pool.jlccptt.net.cn
222.162.49.241  x1      241.49.162.222.adsl-pool.jlccptt.net.cn
222.162.49.58   x1      58.49.162.222.adsl-pool.jlccptt.net.cn
222.163.210.61  x1      61.210.163.222.adsl-pool.jlccptt.net.cn
222.163.218.144 x1      144.218.163.222.adsl-pool.jlccptt.net.cn
223.240.184.233 x1      NXDOMAIN
223.243.181.44  x1      NXDOMAIN
223.247.21.187  x1      NXDOMAIN
27.29.56.234    x1      NXDOMAIN
27.40.111.153   x1      NXDOMAIN
27.40.91.74     x1      NXDOMAIN
36.22.65.211    x1      NXDOMAIN
36.59.195.117   x1      NXDOMAIN
36.6.79.152     x1      NXDOMAIN
36.63.246.207   x1      NXDOMAIN
42.6.53.133     x1      NXDOMAIN
42.7.218.150    x1      NXDOMAIN
49.64.252.242   x1      NXDOMAIN
49.83.225.74    x1      NXDOMAIN
58.21.161.143   x2      143.161.21.58.adsl-pool.jlccptt.net.cn
58.21.161.17    x1      17.161.21.58.adsl-pool.jlccptt.net.cn
58.21.162.116   x1      116.162.21.58.adsl-pool.jlccptt.net.cn
58.21.164.207   x2      207.164.21.58.adsl-pool.jlccptt.net.cn
58.53.125.160   x1      NXDOMAIN
59.55.29.119    x1      
60.166.163.202  x1      NXDOMAIN
60.166.164.128  x1      NXDOMAIN
60.20.101.84    x1      NXDOMAIN
61.180.65.194   x1      NXDOMAIN
61.187.144.240  x1      NXDOMAIN
83.220.243.114  x1      NXDOMAIN
94.102.54.138   x1      NXDOMAIN
94.102.54.140   x2      NXDOMAIN
94.102.54.235   x5      NXDOMAIN





--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] CutWail infections growing again, all China based..

Reply via email to