Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

So.. What about those Japanese IP addresses in the SONY Hack Anyway?

Just a little note in the derpstorm (another post to follow on that after this one) that I wanted to drop on you all. See, I mentioned this in one of my first posts on the Sony Hack, but it has gone little noticed. In the malware samples of Destover-C on VirusTotal you can see in the strings a huge list of IP addresses that belong to someone in Japan… I reckoned that they were in fact Sony addresses because they track down to a location in Japan where Sony HQ is, and I left it at that. I had made my comments on how Japan and Korea just don’t get along and that they have a long history of unhappy relations, and thus a keyboard map, if taken at face value, might have relevance in this way.

Well, later on someone who shall remain unnamed contacted me and thanked me for my post and the information in it. The reason? They said that they worked for Sony and had been told NOTHING. My post actually gave them more information than the actual corporation that they worked for within their own security and networking space! Sadly, this seems to be the M.O. of Sony, and I took that piece of info as truth because really this person had nothing to lie about here.

and life went on…

Destover-C connections looking for NetBIOS connections

This morning, as I sit with coffee at 5am, awake because I looked at Twitter and ERMEGERD DPRK DID IT is all over the place, I just thought I would share. See, there is more going on here than Wolf Blitzer can… Well.. Blitz! All of this, all of the fallout that I will write about next, just covers over the fact that much more has gone on that we have not heard anything about.

What happened in Japan?

Do we really think that just SPE was hit? I mean, they are connected as a company to the parent, which is in Japan, right?

What about Germany?

What about all the subsidiaries? Won’t they too have to re-create their networks?

What great fuckery there is going on.

Wake the fuck up people.

K.

Written by Krypt3ia

2014/12/18 at 10:38

Posted in SONY

10 Responses

  1. I think attribution comes way down the list of priorities, given what’s already happened and the potential (still unknown) impact of this.

    Who are those addresses allocated to? What if… those addresses belonged to Sony, and were being used as pivot points, kind of like a compromised system within the company’s HQ being used to grab data from the subsidiaries?
    How many insiders would it take to completely and totally burn a corporation’s network, I wonder?

    Michael

    2014/12/18 at 16:48

  2. Exactly my point. Those addresses in the malware speak to larger issues.

    Krypt3ia

    2014/12/18 at 18:38

  3. […] on the network, they planted malware. Some security experts as well as documents obtained by Ars Technica say that this was a form of "wiper" […]

  9. Reblogged this on thuggery.

    memzie99

    2014/12/21 at 15:24
