TSG (Excel)

IP Address       Domains                                                         Notes
208.73.210.85    nodns3.qipian.org                                               Poiscon variant
72.167.34.54                                                                     Nigel Thompson SSL cert - Primary C2
72.167.33.182                                                                    IP Address blocked July 20th timeframe
67.152.57.55                                                                     Saw iisstart and IP Address blocked July 20th timeframe
66.228.132.129   sslsrv6.infosupports.com (currently Car1.bigdepression.net)     Main Exfil IP Address
66.228.132.130   stemco.com                                                      New IP Address
66.228.132.18    Negma Internet                                                  New IP Address
66.228.132.16    eri.serveuser.com                                               Secondary Exfil IP Address
66.228.132.232   Movietavern.com                                                 New IP Address
66.228.132.161   multiple domains                                                New IP Address
66.228.132.160                                                                   New IP Address
123.183.210.26   xyrn998754.2288.org                                             Poiscon variant
65.54.165.179    mail.aoaw.net                                                   mail.aoaw.net used at same time as nigel cert from compromised systems
216.246.75.123                                                                   suspicious - in memory of compromised system
32.16.195.129                                                                    suspicious - in memory of compromised system
66.228.132.53    Ou1.infosupports.com, aes.infosupports.com, rnews.acmetoy.com   IP Address seen in earlier summer
                 and fitness.acmetoy.com
66.228.138.253   dfwatlas.com                                                    suspicious was pointing to 66.228.132.53 earlier in the summer
Top Level Domains   Malware         Malware Notes
                    Rasauto32.exe   Remote Access
                    Reg32.exe       Rasauto32
                    CTFmon.exe      Rasauto32
                    IPRINP.dll      MSN Remote Access
                    111.exe         Dropper for Rasauto32
                    ATI.exe         Command Shell
                    Svchhosts       Command Shell
                    msomsysdm.exe   password happyyongzi
Credentials                     Credential Notes
d0ta010@hotmail.com 2j3c1k      MSN in malware
lich123456@hotmail.com 2j3c1k   MSN in malware
Category   Hostname          IP Address
APT        MPPT-RSMITH       10.32.192.23
APT        MPPT-RSMITH       10.32.192.23
APT        RFSMOBILE         10.32.192.24
APT        WALVISAPP-VTPSI   10.10.1.82


APT        WALVISAPP-VTPSI   10.10.1.82
APT        WALVISAPP-VTPSI   10.10.1.82
APT        WALVISAPP-VTPSI   10.10.1.82

APT        B1SRVAPPS02       10.10.1.13

APT        WAL4FS02          10.10.10.20


APT        WKWONGT2          10.10.88.145
APT        DSPELLMANDT***    10.27.64.73
APT        BEL_HORTON        10.34.16.36




APT        WALSU01           10.10.1.80




APT        JSEAQUISTDT1      10.10.64.179




APT        WALSU02           10.10.10.17
APT        AI-ENGINEER-3     10.27.64.34

APT        LTNFS01           10.26.251.21
APT        LTNFS01           10.26.251.21
APT        HEC_AVTEMP1       10.2.50.48
APT        GRAY_VM           10.2.37.115
APT        SASERVER          10.4.6.55




APT        ARBORTEX          10.2.27.41
APT               WALXDS01         10.10.1.62
APT               PSIDATA          192.168.7.155
APT               PSIDATA          192.168.7.155
APT               MAC???           ???
APT               AI-ENGINEER-4    10.27.64.62
APT               AMARALDT         10.10.72.167
APT               B1HVAC01         10.10.64.25
Generic Malware   VCOMPARATOLT     10.10.64.17
Generic Malware   TALONPARTS       10.10.96.27
Generic Malware   SWILCOXDT        10.10.64.102
Generic Malware   SKAUFMANLT       10.10.96.151
Generic Malware   MSULLIVANDT2     10.10.72.147
Generic Malware   DGOLICKDT        10.10.64.193
Generic Malware   C4ISRLABDT116    10.10.64.125
Generic Malware   ABATESDT         10.10.72.142
Generic Malware   C4ISRLAB156LT    10.10.64.207
Generic Malware   SAZARIANLT       10.10.64.39
Generic Malware   RWIESMANDT       10.10.64.161
Generic Malware   RSETLURDT        10.10.72.26
Generic Malware   RBATISTADT2      10.10.72.138
Generic Malware   MKASTANASDT2     10.10.80.16
Generic Malware   KHELLERLT2       10.10.72.18
Generic Malware   JVALENTINE       10.10.72.15
Generic Malware   JMILLIKENDT      10.10.80.143
Generic Malware   JDESCOTEAUXDT    10.10.64.104
Generic Malware   BJOHNSONDT2      10.10.64.191
Generic Malware   RPEMPSELLDT2     10.10.72.152
Generic Malware   TKURTHDT         10.10.64.21
Generic Malware   TALONTECHDT2     10.10.96.142
Generic Malware   PIMSOL_CURTIS    10.2.50.47
Generic Malware   FAIRCHILD3_HEC   10.2.30.21
Generic Malware   UNDERWOOD1CBM    10.2.40.158
Path                                        Sample Name
\windows\system32                           rasauto32.dll
\windows\system32                           iprinp.dll
\windows\system32                           rasauto32.dll
\windows\system32                           rasauto32.dll
\documents and
settings\NetworkService\local
settings\temp                               ati.exe
                                            iprinp.dll
\windows\temp                               svchost.exe
\documents and settings\default
user\local settings\temp                    ati.exe
\documents and settings\default
user\local settings\temp                    ati.exe
\documents and
settings\NetworkService\local
settings\temp                               ati.exe
\windows\system32                           update.exe
\windows\system32                           update.exe
C:\Documents and
Settings\neil.kuchman.hd\Local
Settings\Temporary Internet
Files\Content.IE5\3W4F1LDI\iisstart[1].ht
m                                           iisstart[1].htm
C:\Documents and
Settings\NetworkService\Local
Settings\Temporary Internet
Files\Content.IE5\PJGSPG0B\iisstart[1].ht
m                                           iisstart[1].htm
C:\Documents and
Settings\MIKEHD~1.MOS\Local
Settings\Temporary Internet
Files\Content.IE5\5ANUZTCE\iisstart[1].ht
m                                           iisstart[1].htm
\windows\system32:mspoiscon.exe             mspoiscon.exe
C:\Documents And Settings\Default
User\Local Settings\Temp\ATI.EXE            ati.exe
\windows\system32                           reg32.exe
\windows\system32                           update.exe
\windows\system32                           update.exe
\windows\system32                           iprinp.dll
C:\Documents and
Settings\beverly.sullivan\Local
Settings\Temporary Internet
Files\Content.IE5\KTKHIR8R\                 iisstart[1].htm
C:\Documents and Settings\mmoss\Local
Settings\Temporary Internet
Files\Content.IE5\8TYZ4T6N\             iisstart[1].htm
\windows\system32                       rasauto32.dll
\windows\system32                       111.exe
\RECYCLER                               svchost.exe
\RECYCLER                               svchost.exe
\RECYCLER                               svchost.exe
\RECYCLER                               svchost.exe
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
N/A                                     TDSS
MD5                                                      Creation Date PE Date
FC63A35A36B84B11470D025A1D885A6B                                              2/9/2010 3:29
0D24E1B5814439460E030617890A17FE                                            3/29/2010 23:21
2502766AF38E3AFEBB10D16EA52800FD                                            5/24/2010 22:50
2502766AF38E3AFEBB10D16EA52800FD                            8/4/2004 5:00   5/24/2010 22:50


759C5C77A203B02A8B6DEB9A6FBEC3E3                           8/30/2010 8:10       8/4/2004 2:14

                                                                                8/4/2004 2:14

7A9AE50EE0A4211EEED7D41658206234                           7/19/2010 1:31   3/24/2005 19:40

B2E2FBD14E7DBA1F0F7097742D4AAA02                           8/30/2010 5:00    2/17/2007 1:27


DELETED BY CUSTOMER on 9/13/10 before HB could collect
ea7058a9e01deccff7183593c6d4f359                          5/12/2010 22:11 12/29/2009 23:40
ea7058a9e01deccff7183593c6d4f359                          5/12/2010 23:14 12/29/2009 23:40




N/A                                                       8/25/2010 18:33 N/A




N/A                                                       7/19/2010 14:43 N/A




N/A                                                         8/3/2010 7:29 N/A
NEED THIS                                                NEED THIS        NEED THIS

                                                           7/22/2010 1:46
0D6FBBEB9E2A750F7BA5E06406CC8582                           7/22/2010 1:44 6/25/2010 12:34
ea7058a9e01deccff7183593c6d4f359                          5/12/2010 22:11 12/29/2009 23:40
ea7058a9e01deccff7183593c6d4f359                          5/12/2010 22:11 12/29/2009 23:40
154FCAB6ECEE1B7BD98F2D07DBA4955B                            6/2/2010 3:35    6/2/2010 4:26




N/A                                                        7/19/2010 3:19 N/A
N/A                                  1/21/2009 13:14    N/A
2502766AF38E3AFEBB10D16EA52800FD       8/31/2010 7:35     5/24/2010 22:50
5E7EA7264E5FC7F447FC3BEC44145ABD       8/31/2010 7:33     5/24/2010 22:50
09B63FA595E13DAC5D0F0186AD483CDD       7/28/2009 9:54      4/18/2006 8:14
09B63FA595E13DAC5D0F0186AD483CDD       9/9/2009 23:02      4/18/2006 8:14
09B63FA595E13DAC5D0F0186AD483CDD   Fall of 2009            4/18/2006 8:14
09B63FA595E13DAC5D0F0186AD483CDD        9/8/2009 9:13      4/18/2006 8:14
Size on Disk
               647680
               135168
               668672
               668672


               388608

               388608

               388096

               389120


               233472
               110592
               110592




                 1433




                  511




                 1433
NEED THIS

               389120
               599040
               110592
               110592
               131072




                  511
        1433
      668672
      675840




                                           3rd PARTY IDENTIFIED COMPROMISED SYSTEMS
IP                                                                                     Hbgary   HB Host   QNA     QNA Host
Address         Hostname          Notes                                        Group   Match    Match     Match   Match
10.10.1.18      b1srv-pubs        Currently Resolves to 10.10.1.18             TSG     no       no        no      no
10.10.1.5       b1srvdc03         Could not ping or resolve                    TSG     no       no        APT     no
10.10.1.82      walvisapp-vtpsi                                                TSg     APT      APT       APT     APT
10.10.1.83      walvisapp-vtatk                                                TSG     no       no        APT     no


10.10.10.20     zeke              ZEKE was a secondary LanMan/NetBIOS          TSG     APT      no        APT     no
                                  name assigned to WAL4FS02 via registry
                                  hack until it was peeled off to a physical
                                  server and moved to Franklin, MA on
                                  31-Aug-2010. Zeke currently resolves to
                                  10.24.251.29 (was listed as 10.10.10.20)
10.10.10.20     wal4fs02                                                       TSG     APT      APT       APT     APT
10.10.10.21     wal4s01           Currently Resolves to 10.10.10.21            TSG     no       no        no      no

10.10.10.25     b2srvceg                                                       TSG     no       no        no      no
10.10.10.27     b2srvpst          Currently pingable at 10.10.10.27            TSG     no       no        no      no
10.10.10.38     b2srvdc02         Could not ping or resolve                    TSG     no       no        APT     no

10.10.64.171    Mleporedt1        check who had IP since Jul 18 2010           TSG     no       no        APT     APT
10.10.64.171    mleporedt1        Has been resolving to 10.10.64.171           TSG     no       no        APT     APT
10.10.88.13     dlevinelt                                                      TSG     no       no        APT     no

10.10.96.14     jarmstronglt      currently resolves to 10.10.96.14            TSG     no       no        no      APT




10.10.96.21     B2PC-DOHERTY      B2PC-DOHERTY is current resolved name        TSG     no       no        APT     no
10.2.20.10                        Could not ping or resolve                    SEG     no       no        no      no
10.2.27.104     ARSOAFS                                                        SEG     no       no        APT     no
10.2.27.104     arsoafs                                                        SEG     no       no        APT     no
10.2.27.105     govt_pubs                                                      SEG     no       no        APT     APT


10.2.27.41      arbortex          ARBORTEX is current resolved name            SEG     APT      APT       no      no
10.2.27.41      arbortex          currently resolves to 10.2.27.41             SEG     APT      APT       no      no
10.2.30.57      DDR_TEST          Currently resolves to DDR_TEST               SEG     no       no        no      no
10.21.123.21    abqqnaodc1        Pingable at 10.21.123.21                     ITSS    no       no        no      no
10.255.128.19   stlspss02         most likely a pass through                   ITSS    no       no        no      no
10.27.123.23    apisrvfs01                                                     SEG     no       no        no      no
10.27.187.13    cbadfs01          ping 172.16.157.16                           SEG     no       no        no      no
                                  nslookup 10.27.187.13
10.3.6.137      stlqnaodc6        currently pingable at 10.3.6.137             ITSS    no       no        no      no
10.32.192.23    mppt-rsmith       Was resolving to 10.32.192.23                SEG     APT      APT       APT     APT
192.168.7.155   psidata                                                        TSG     APT      APT       no      no
192.168.7.24    psi-nas                                                        TSG     no       no        no      no
10.10.1.13      fmiintranet       FMINTRANET is a DNS ‘a’ record for           TSG     APT      no        APT     no
                                  B1SRVAPPS02
                rfsmobile         Could not ping or resolve                    SEG     no       APT       no      APT
                abq3hdc1          Could not ping or resolve                    ITSS    no       no        no      no
                                                                                                 QNA IDENTIFIED COMPROMISED SYSTEMS
IP Address       Hostname          Count          APT IP address                First Seen                                Last Seen                    Evidence Source          Label        Group   ITAR/GFE         Notes/Status
10.10.1.13       B1SRVAPPS02                   12 72.167.34.54                                                                                         Firewall Logs            APT          TSG
10.10.1.5        B1SRVDC03                     86 72.167.34.54                                                                                         Firewall Logs            APT          TSG                      decommissioned 7/23/10
10.10.1.82       WALVISAPP-VTPSI              217 72.167.34.54(443)             Sep 13 2010 13:40:11                      Sep 13 2010 19:58:02         darknet, Firewall Logs   APT          TSG
10.10.1.83       WALVISAPP-VTATK               72 72.167.34.54(443)             Sep 14 2010 20:38:44                      Sep 16 2010 10:14:48         darknet                  APT          TSG     potential ITAR




10.10.10.20      WAL4FS02                      16 72.167.34.54                                                                                         Firewall Logs            APT          TSG     ITAR
10.10.10.38      B2SRVDC02                     22 72.167.34.54                                                                                         Firewall Logs            APT          TSG                      decommissioned 7/18/10
10.10.104.134    JMONTAGNADT                   14 72.167.34.54                                                                                         Firewall Logs            APT          TSG     ITAR
                                   72 = 484       72.167.34.54(443),                                                                                                                                                  Communicated with 66.228.132.129, Exfil
10.10.64.171     mleporedt1        66 = 2         66.228.132.129(443)           129 = 8/3/10 05:38:26                     129 = 8/3/10 05:41:44        Firewall Logs            APT          TSG     potential ITAR   220MB
10.10.64.221     PBISTOFFLT                       216.246.75.123(80)                                                                                   darknet                  Suspicious   TSG
10.10.88.13      DLEVINELT                      6 72.167.34.54                                                                                         Firewall Logs            APT          TSG     ITAR
                                   72 = 14        72.167.34.54
10.10.96.21      JARMSTRONGLT                     67.152.57.55 (iisstart.htm)   67.* = 7/20/10 11:17:12                                                Firewall Logs            APT          TSG     ITAR
10.166.228.132                                  2 66.228.132.X                                                                                         Firewall Logs            APT
10.2.27.102                                     8 72.167.34.54                                                                                         Firewall Logs            APT          SEG     ITAR
                                                                                                                                                                                                                      Communicated with 66.228.132.129-130,
10.2.27.104      ARSOAFS                    28 72.167.34.54                                                                                            Firewall Logs            APT          SEG     ITAR             Exfil 5.4GB
                                               216.15.210.68
                                               66.228.132.53                    216.* = 7/27/10 22:53:57
                                               72.167.34.54(443),               66.*53 = 7/27/10 22:46:14
                                               66.228.132.16(443),              66.*16 = 8/3/10 05:12:55                  16 = 8/4/10 10:00:32
                                               66.228.132.18(443),              66.*18 = 8/11/10 07:04:52                 18 = 8/23/10 21:30:46
                                   72 = 342    66.228.132.129(443),             66.*129 = 7/27/10 22:46:41 (icmp)         129 = 8/11/10 04:16:38
10.2.27.105      govt_pubs         66 = 192    66.228.132.130 (ICMP)            66.*130 = 7/27/10 22:46:26                130 = 8/3/10 05:09:08        Firewall Logs            APT          SEG     ITAR
10.2.50.47       PIMSOL_CURTIS                    216.246.75.123(80)                                                                                   darknet                  Suspicious   SEG
10.2.50.96       HEC_WHOUSE                       216.246.75.123(80)            Sep 17 2010 23:32:42                      Sep 18 2010 00:24:17         darknet                  Suspicious   SEG
10.2.50.97       HEC_MULLEN                    16 66.228.132.232                232 = 8/26/10 18:26:26                    232 = 8/26/10 18:31:24       Firewall Logs            APT          SEG
10.255.128.16                                     216.246.75.123(80)                                                      Sep 14 2010 02:23:52         darknet                  Suspicious   ITSS
                                                  72.167.34.54                                                                                                                  APT,
10.26.251.21     LTNFS01           72 = 8         216.246.75.123(80)                                                                                   darknet, Firewall Logs   Suspicious   TSG                      Reg32.exe 7/22/2010 1:44:00
10.27.64.63      TKUHNDT                          216.246.75.123(80)            Sep 15 2010 02:00:25                      Sep 15 2010 02:05:27         darknet                  Suspicious
10.28.0.78                                      4 66.228.132.161                161 = 7/28/2010 15:22:39                  161 = 7/28/2010 15:23:39     Firewall Logs
10.3.47.145      WDT_GORDON                       216.246.75.123(80)            Sep 14 2010 02:07:59                      Sep 15 2010 04:11:32         darknet                  Suspicious
10.3.5.41        STLSECMON1                     8 66.228.132.X                                                                                         Firewall Logs            APT          ITSS
10.32.192.23     MPPT-RSMITH                   84 72.167.34.54                                                                                         Firewall Logs            APT          SEG

10.32.192.24     RFSMOBILE                     12 72.167.34.54                                                                                         Firewall Logs            APT          SEG
10.66.228.132                                   6 66.228.132.X                                                                                         Firewall Logs            APT
10.2.20.150                                       216.15.210.68                                          6/24/2010 7:29                 6/24/2010 7:34 Firewall Logs            APT          SEG
10.10.64.179     JSEAQUISTDT1                     67.152.57.55                                                                                         Firewall Logs            APT          TSG
10.10.96.152     JARMSTRONGLT                                                                                                                          ISHOT                    APT          TSG                      ISHOT ctfmon.exe 7/10/2010 8:40:00
10.27.64.56                   ISHOT   APT   TSG   ISHOT password cache from tsg 09 incident
10.27.64.62   AI-ENGINEER-4   ISHOT   APT   TSG   ISHOT password cache from tsg 09 incident
10.27.64.55                   ISHOT   APT   TSG   ISHOT svchost.exe in recycler bin Fall of 09
10.2.50.48                    ISHOT   APT   TSG   unknown Ishot result
                                             HBGARY IDENTIFIED COMPROMISED SYSTEMS
                                                                                                                                Matches      3rd Party
IP Address      Hostname          HB Label   Matches QNA    3rd Party Match   IP Address     Hostname         HB Label          QNA          Match
???             MAC???            APT        no             no                10.10.64.17    VCOMPARATOLT     Generic Malware   no           no
10.10.1.13      B1SRVAPPS02       APT        10.10.1.13     10.10.1.13        10.10.64.102   SWILCOXDT        Generic Malware   no           no
10.10.1.62      WALXDS01          APT        no             no                10.10.64.104   JDESCOTEAUXDT    Generic Malware   no           no
10.10.1.80      WALSU01           APT        no             no                10.10.64.125   C4ISRLABDT116    Generic Malware   no           no




10.10.1.82      WALVISAPP-VTPSI   APT        10.10.1.82     10.10.1.82        10.10.64.161   RWIESMANDT       Generic Malware   no           no
10.10.10.17     WALSU02           APT        no             no                10.10.64.191   BJOHNSONDT2      Generic Malware   no           no
10.10.10.20     WAL4FS02          APT        10.10.10.20    10.10.10.20       10.10.64.193   DGOLICKDT        Generic Malware   no           no

10.10.64.179    JSEAQUISTDT1      APT        10.10.64.179   no                10.10.64.207   C4ISRLAB156LT    Generic Malware   no           no
10.10.64.25     B1HVAC01          APT        10.10.64.25    no                10.10.64.21    TKURTHDT         Generic Malware   no           no
10.10.72.167    AMARALDT          APT        no             no                10.10.64.39    SAZARIANLT       Generic Malware   no           no

10.10.88.145    WKWONGT2          APT        no             no                10.10.72.138   RBATISTADT2      Generic Malware   no           no
10.2.27.41      ARBORTEX          APT        no             10.2.27.41        10.10.72.142   ABATESDT         Generic Malware   no           no
10.2.37.115     GRAY_VM           APT        no             no                10.10.72.147   MSULLIVANDT2     Generic Malware   no           no

10.2.50.48      HEC_AVTEMP1       APT        10.2.50.48     no                10.10.72.15    JVALENTINE       Generic Malware   no           no




10.26.251.21    LTNFS01           APT        10.26.251.21   no                10.10.72.152   RPEMPSELLDT2     Generic Malware   no           no
10.27.64.34     AI-ENGINEER-3     APT        no             no                10.10.72.18    KHELLERLT2       Generic Malware   no           no
10.27.64.62     AI-ENGINEER-4     APT        10.27.64.62    no                10.10.72.26    RSETLURDT        Generic Malware   no           no
10.27.64.73     DSPELLMANDT       APT        no             no                10.10.80.143   JMILLIKENDT      Generic Malware   no           no
10.32.192.23    MPPT-RSMITH       APT        10.32.192.23   10.32.192.23      10.10.80.16    MKASTANASDT2     Generic Malware   no           no


10.32.192.24    RFSMOBILE         APT        10.32.192.24   no                10.10.96.142   TALONTECHDT2     Generic Malware   no           no
10.34.16.36     BEL_HORTON        APT        no             no                10.10.96.151   SKAUFMANLT       Generic Malware   no           no
10.4.6.55       SASERVER          APT        no             no                10.10.96.27    TALONPARTS       Generic Malware   no           no
192.168.7.155   PSIDATA           APT        no             192.168.7.155     10.2.30.21     FAIRCHILD3_HEC   Generic Malware   no           no
                                                                              10.2.40.158    UNDERWOOD1CBM    Generic Malware   no           no
                                                                              10.2.50.47     PIMSOL_CURTIS    Generic Malware   10.2.50.47   no

				
posted:10/28/2011