Several samples connect to systems of the US DoD Network Information Center and the UK Ministry of Defence.
Malware Name: DarkComet
CampaignID: LogUser
Domains: 25.189.190.89:888
http://malwareconfig.com/…/e121c5a3c4db555a826e0347ae0e…
Malware Name: DarkComet
MD5: ab51fe04ba803e8c4dc606ec192539d4
Flows: TCP 192.168.1.1:1032 ➝ 25.0.77.118:1604
http://totalhash.com/…/33827e43bdf0c9bb40da71b7cb8be50c…
https://www.virustotal.com/…/f989e9ca698215d6…/analysis/
Malware Name: DarkComet
MD5: c2354922c1978e624463cd3bdff80513
Flows: TCP 192.168.1.1:1031 ➝ 25.76.252.123:1604
http://totalhash.com/…/79d8994b0cfadeaab2ce73688dfa7ed2…
https://www.virustotal.com/…/78e303bb65e10592…/analysis/
inetnum: 25.0.0.0 – 25.255.255.255
netname: UK-MOD-19850128
descr: DINSA, Ministry of Defence
country: GB
Malware Name: DarkComet
MD5: d4ac7434afc32c3e58df2335c65ff945
Flows: TCP 192.168.1.1:1031 ➝ 7.90.168.44:1602
http://totalhash.com/…/6cad9d5ad0c66338f9c4057f7d72c02f…
https://www.virustotal.com/…/3b6d3944ec03a81c…/analysis/
NetRange: 7.0.0.0 – 7.255.255.255
NetName: DISANET7
OrgName: DoD Network Information Center
OrgId: DNIC
Address: 3990 E. Broad Street
City: Columbus