Concerned About Your Business Cyber Security?

(877) 321--7374

Reversed C2 traffic from China, (Fri, May 11th)

For the past few months, we’ve seen some intriguing data coming from 3 separate ip addresses from within China. The payload of this traffic seems to be generated by well known remote access tooling njRAT and Gh0st and destined to their C2 server. Normally you would not expect any C2 traffic in honeypots, except in the case of ip address reusal where you got an ip address which has been used as C2 before. As we have catched this traffic in multiple honeytraps, someone must be scanning the internet with this payload. There are many different destination ports┬átargeted, so far we have seen ports 991, 1050, 1122, 1177, 1188, 1190, 1199, 3460, 12345, 1627, 3311, 5552, 5568, 8484, 8844, 8899, 33369, 42091.

Ready For ASuperheroI.T. Solution?

Real Time Web Analytics