Repository data for MMD-0062-2017 - Credential harvesting by SSH Direct TCP Forward hacking attack (aka Strudels Attack)
UPDATE: Last update: Wed Mar 22 08:43:34 JST 2017

We now maintain only the "Red, Hot & Chili Network" list, due to a lack of resources.

Newer attacker network: AS49453 | 126.96.36.199/24 | GLOBALLAYER | NL
Older attacker network: AS49981 | 188.8.131.52/22 | WORLDSTREAM | NL

We have been contacted by NCSC-NL (CERT NL) via CERT-BUND (CERT DE), confirming that the Abuse Team of the hoster 3NT.COM has terminated the related customer account(s) of the Strudels attacker. We herewith report that 3NT.COM has been cleaned up, so you can remove the block for the 3NT.COM addresses.

The list stays as it is for the RECORD, as evidence of cyber crime for the law enforcement who are now investigating the case. Law enforcement can directly contact the related CERT or hosters for the identification details used by the bad actors.

- Thank you -

You can search this repository for the IP addresses you want to check, to see which category each one is classified under in MMD-0062-2017 (attackers or victims).