Tyrannosaurus reproduced fast and died young: A malicious host/IP/C&C from China, 2016 to present
https://updatesinfosec.blogspot.com/2018/10/tyrannosaurus-reproduced-fast-and-died.html
In Summary:
A portion of the title of this post refers to an idea put forth by Gregory S. Paul in the book “Tyrannosaurus: Tyrant King”; as both a (probable) scavenger and predator living during dangerous times, the T. rex does not seem to have had an exceptionally long life span.
I find this a fitting metaphor for the host machines (and their IPs) utilized for offensive/malicious purposes by many types of actors: I have the feeling many reproduce relatively quickly (through RATs, backdoor shells, created slave nodes, creds created and/or harvested by bruteforcing/spidering/dorking/scraping, etc.) and have short lives in the wilds of the Internet (when utilized for pure offense purposes/illegal commerce) relative to the uptime of similar, less aggressive machines/IPs: whether hunted down by researchers, shut down by authorities or hosting providers, abandoned by those who established them, etc…
Many of the hosts/IPs utilized in this way will be both scavenger and predator: constant port scanning looking for instances of default/hardcoded credentials to exploit looks like a digital buzzard circling the sky to my mind’s eye [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2IsvxXf
