DarkComet RAT command and control found in military networks

Several samples connect to IP addresses in ranges registered to the US DoD Network Information Center and the UK Ministry of Defence.

Malware Name: DarkComet
CampaignID: LogUser
Domains: 25.189.190.89:888
http://malwareconfig.com/…/e121c5a3c4db555a826e0347ae0e…

Malware Name: DarkComet
MD5: ab51fe04ba803e8c4dc606ec192539d4
Flows: TCP 192.168.1.1:1032 ➝ 25.0.77.118:1604
http://totalhash.com/…/33827e43bdf0c9bb40da71b7cb8be50c…
https://www.virustotal.com/…/f989e9ca698215d6…/analysis/

Malware Name: DarkComet
MD5: c2354922c1978e624463cd3bdff80513
Flows: TCP 192.168.1.1:1031 ➝ 25.76.252.123:1604
http://totalhash.com/…/79d8994b0cfadeaab2ce73688dfa7ed2…
https://www.virustotal.com/…/78e303bb65e10592…/analysis/

inetnum: 25.0.0.0 – 25.255.255.255
netname: UK-MOD-19850128
descr: DINSA, Ministry of Defence
country: GB

Malware Name: DarkComet
MD5: d4ac7434afc32c3e58df2335c65ff945
Flows: TCP 192.168.1.1:1031 ➝ 7.90.168.44:1602
http://totalhash.com/…/6cad9d5ad0c66338f9c4057f7d72c02f…
https://www.virustotal.com/…/3b6d3944ec03a81c…/analysis/

NetRange: 7.0.0.0 – 7.255.255.255
NetName: DISANET7
OrgName: DoD Network Information Center
OrgId: DNIC
Address: 3990 E. Broad Street
City: Columbus

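The check a defender would run on this data is to convert the whois start/end ranges above into CIDR networks and match every sandbox flow's destination against them. The following script is an added example written for this post, not part of the original; it uses the netranges and flow lines quoted above (the last flow line is constructed to show a non-match) and only the Python standard library. The network names are taken from the whois records as labels.

```python
import ipaddress
import re

# Whois allocations as quoted in the post (start - end); converted to CIDR below.
WHOIS_RANGES = {
    "UK-MOD-19850128 (DINSA, Ministry of Defence)": ("25.0.0.0", "25.255.255.255"),
    "DISANET7 (DoD Network Information Center)": ("7.0.0.0", "7.255.255.255"),
}

# Sandbox flow lines copied from the post, plus one constructed benign flow
# (93.184.216.34:443 is not in the post) so the non-matching path is exercised.
FLOW_LINES = [
    "TCP 192.168.1.1:1032 ➝ 25.0.77.118:1604",
    "TCP 192.168.1.1:1031 ➝ 25.76.252.123:1604",
    "TCP 192.168.1.1:1031 ➝ 7.90.168.44:1602",
    "TCP 192.168.1.1:1040 ➝ 93.184.216.34:443",  # constructed, not in the post
]

# Accepts the arrow glyph used by the sandbox output as well as plain "->".
FLOW_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*(?:➝|→|->)\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def ranges_to_networks(ranges):
    """Turn whois start-end ranges into lists of ip_network objects.

    summarize_address_range yields the minimal set of CIDR blocks covering the
    range, so a range that is not CIDR-aligned still matches correctly.
    """
    nets = {}
    for name, (start, end) in ranges.items():
        nets[name] = list(ipaddress.summarize_address_range(
            ipaddress.ip_address(start), ipaddress.ip_address(end)))
    return nets


def parse_flow(line):
    """Parse one 'PROTO src:port ➝ dst:port' line into its fields."""
    m = FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised flow line: {line!r}")
    return m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"])


def match_flows(lines, networks):
    """Return (dst_ip, dst_port, netname) for every flow whose destination
    falls inside one of the given whois networks."""
    hits = []
    for line in lines:
        _proto, _src, _sport, dst, dport = parse_flow(line)
        dst_ip = ipaddress.ip_address(dst)
        for name, nets in networks.items():
            if any(dst_ip in net for net in nets):
                hits.append((dst, dport, name))
    return hits


if __name__ == "__main__":
    networks = ranges_to_networks(WHOIS_RANGES)
    for name, nets in networks.items():
        print(name, "->", ", ".join(str(n) for n in nets))
    for dst, dport, name in match_flows(FLOW_LINES, networks):
        print(f"flow to {dst}:{dport} lands in {name}")
```

Feeding real flow or firewall logs through `match_flows` with a watch-list of netblocks is the same logic at scale; the whois ranges are kept as start/end pairs on purpose so they can be pasted straight from a registry record without hand-converting to CIDR.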