“Red October” is a high-level cyber-espionage campaign that has been active for over 5 years; Kaspersky Lab announced its discovery on January 14, 2013.
Below is a list of domains and IPs used in the attack. These lists can help system administrators spot infections on their network. The information is taken from the PDF at http://www.securelist.com/en/blog/208194092/Red_October_Indicators_of_compromise.
IPs
Command and Control domains