Wednesday, July 13, 2016

Wapack Labs sinkhole activities - 7/13/16

A sinkhole is a DNS server that gives out false information to prevent the use of the domain names it represents, often redirecting traffic from one destination to another, where security researchers capture the data and analyze it for threats.

Wapack Labs monitors several such sinkholes. Purchased by the team, these domains are typically command and control nodes that malware, once installed on a computer, calls to for instructions. When a computer is identified on the sinkhole list, we assume it to be compromised.

The table below shows this week's top 25 list. Each domain is associated with one or more computers that have attempted to connect to a Wapack Labs sinkhole command and control node. The 'domain' column is the domain name of the affected company. The 'description' column shows Wapack Labs' sinkhole type.

The full report was published to Wapack Labs on 7/12/16. For more information, users can search for the domain name on or contact Wapack Labs for assistance at 844-4-WAPACK.

domain    description
          putter_panda
          mirage
          mirage
          zxshell
          mirage
          kazy
          nflog
          pwsteal
          kazy
          pirpi
          wekby
          miniasp
          flower_lady
          carbanak
          htran
          procus
          png_downloader
          nflog
          backdoor_briba
          tabcteng
          sykipot
          binanen
          poison
          tabcteng
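
One way a top-N list like the one above could be derived from sinkhole connection logs, shown as an added example that is not Wapack Labs' code. The log format, the `.example` domain names, the domain-to-type mapping and the ranking by distinct source hosts are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed mapping: sinkholed C2 domain -> sinkhole type.
# The .example names are placeholders; the type labels appear in the table above.
SINKHOLE_TYPES = {
    "c2-a.example": "mirage",
    "c2-b.example": "kazy",
    "c2-c.example": "nflog",
}

# Constructed log: timestamp, source IP, owner domain of the source, contacted domain.
SAMPLE_LOG = """\
2016-07-11T02:14:07Z 198.51.100.10 corp-one.example c2-a.example
2016-07-11T02:19:07Z 198.51.100.10 corp-one.example c2-a.example
2016-07-11T08:40:51Z 198.51.100.11 corp-one.example c2-a.example
2016-07-12T13:02:33Z 203.0.113.5 corp-two.example c2-b.example
2016-07-12T13:05:00Z 203.0.113.5 corp-two.example c2-c.example
malformed line
2016-07-12T19:45:12Z 192.0.2.77 corp-three.example not-ours.example
"""

def parse_hits(log_text):
    """Yield (source_ip, owner_domain, sinkhole_type) for hits on known sinkholes."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        _ts, src_ip, owner, contacted = fields
        sinkhole_type = SINKHOLE_TYPES.get(contacted.lower().rstrip("."))
        if sinkhole_type is not None:  # ignore traffic to domains we do not sinkhole
            yield src_ip, owner.lower(), sinkhole_type

def top_affected(log_text, n=25):
    """Rank (owner_domain, sinkhole_type) pairs by number of distinct source hosts."""
    hosts = defaultdict(set)
    for src_ip, owner, sinkhole_type in parse_hits(log_text):
        hosts[(owner, sinkhole_type)].add(src_ip)  # repeated beacons count once
    ranked = sorted(hosts.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(owner, stype, len(ips)) for (owner, stype), ips in ranked[:n]]

if __name__ == "__main__":
    print(f"{'domain':<22}{'description':<12}hosts")
    for owner, stype, count in top_affected(SAMPLE_LOG):
        print(f"{owner:<22}{stype:<12}{count}")
```

Counting distinct source hosts rather than raw connections keeps a single machine that beacons every few minutes from outranking an organization with several infected computers.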