Red October – Indicators of compromise

“Red October” is a high-level cyber-espionage campaign that had been active for over 5 years when Kaspersky Lab announced its discovery on January 14, 2013.

Below is a list of the IPs and command-and-control domains used in the attack. System administrators can use these lists to spot infections on their networks. The information is taken from the PDF at http://www.securelist.com/en/blog/208194092/Red_October_Indicators_of_compromise.

