<div dir="ltr">We have also seen Armada Collective and this same threat before...We wrote an article up which I'm attaching for those interested.  <div><br></div><div>Best,</div><div><br></div><div>Jon Morgan</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><span style="font-family:'times new roman',serif;font-size:small">_________________________________________________________________</span><br></div><font face="times new roman, serif" size="2">Jonathan T. Morgan | Area 1 | Director of Research Operations | m. 857.284.2009</font></div><div dir="ltr"><font face="times new roman, serif" size="2"><br></font><div><span style="color:rgb(51,51,51);font-family:Helvetica,Arial,sans-serif;line-height:17px;background-color:rgb(255,255,255)"><font size="1"><a href="https://www.linkedin.com/in/jonathantmorgan" target="_blank">https://www.linkedin.com/in/jonathantmorgan</a></font></span><font face="times new roman, serif" size="2"><br></font><div><br></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Jul 8, 2016 at 9:21 AM, A <span dir="ltr"><<a href="mailto:clonemeagain@gmail.com" target="_blank">clonemeagain@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Cloudflare have an interesting article on it: <a href="https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/" target="_blank">https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/</a></p>
<div class="gmail_quote"><div><div class="h5">On 8 Jul 2016 11:15 pm, "Keith Anderson" <<a href="mailto:keitha@apcs.com.au" target="_blank">keitha@apcs.com.au</a>> wrote:<br type="attribution"></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div style="word-wrap:break-word"><div>Hi All,</div><div><br></div><div>Glad we have DoS filtering in place, hope it works.</div><div><br></div><div>received this one yesterday.</div><div><br></div><div>Have a good weekend all, </div><div><br></div><div>### HEADER<br><br>Received: from removed [x.x.x.x])<br><span style="white-space:pre-wrap">     </span>by removed (Postfix) with ESMTP id E077333F9F<br><span style="white-space:pre-wrap"> </span>for <systemadmin@removed>; Thu,  7 Jul 2016 15:04:38 +1000 (PGT)<br>X-ASG-Debug-ID: 1467867840-06ff6519594ed72d0001-Vn5JKc<br>Received: from <a href="http://ks3293195.kimsufi.com" target="_blank">ks3293195.kimsufi.com</a> (<a href="http://ks3293195.kimsufi.com" target="_blank">ks3293195.kimsufi.com</a> [5.135.186.134]) by filter1-removed with ESMTP id zxmM3rWeIgLfLFeL for <Removed>; Thu, 07 Jul 2016 05:04:02 +0000 (GMT)<br>X-Barracuda-Envelope-From: <a href="mailto:armada.collective@gmail.com" target="_blank">armada.collective@gmail.com</a><br>X-Barracuda-Effective-Source-IP: <a href="http://ks3293195.kimsufi.com" target="_blank">ks3293195.kimsufi.com</a>[5.135.186.134]<br>X-Barracuda-Apparent-Source-IP: 5.135.186.134<br>From: Armada Collective <<a href="mailto:armada.collective@gmail.com" target="_blank">armada.collective@gmail.com</a>><br>To: <<a href="mailto:sysadmin@datec.net.pg" target="_blank">sysadmin@r</a>emoved><br>Subject: ATTENTION: Ransom request!!!<br>X-Barracuda-Connect: <a href="http://ks3293195.kimsufi.com" target="_blank">ks3293195.kimsufi.com</a>[5.135.186.134]<br>X-Barracuda-Start-Time: 1467867841<br>X-Barracuda-URL: XXX<br>X-ASG-Orig-Subj: ATTENTION: Ransom 
request!!!<br>X-Barracuda-Scan-Msg-Size: 1266<br>X-Virus-Scanned: by bsmtpd at XXXX<br>X-Barracuda-BRTS-Status: 1<br>X-Barracuda-Spam-Score: 2.00<br>X-Barracuda-Spam-Status: No, SCORE=2.00 using global scores of TAG_LEVEL=4.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests=MISSING_DATE, MISSING_MID, PLING_PLING<br>X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.31081<br><span style="white-space:pre-wrap"> </span>Rule breakdown below<br><span style="white-space:pre-wrap">  </span> pts rule name              description<br><span style="white-space:pre-wrap"> </span>---- ---------------------- --------------------------------------------------<br><span style="white-space:pre-wrap">        </span>0.14 MISSING_MID            Missing Message-Id: header<br><span style="white-space:pre-wrap">     </span>1.40 MISSING_DATE           Missing Date: header<br><span style="white-space:pre-wrap">    </span>0.46 PLING_PLING            Subject has lots of exclamation marks<br>Message-ID: <<a href="mailto:20160707050438.7DECC16CC0B3@filter1-dc3.datec.net.pg" target="_blank">20160707050438.7DECC16CC0B3@filter1-X</a>XX><br>Date: Thu, 7 Jul 2016 05:04:38 +0000<br>Return-Path: <a href="mailto:armada.collective@gmail.com" target="_blank">armada.collective@gmail.com</a><br>MIME-Version: 1.0<br>Content-Type: text/plain<br>X-MS-Exchange-Organization-Network-Message-Id: 07157968-b5a4-4cfa-da65-08d3a624c308<br>X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0<br>X-MS-Exchange-Organization-AuthSource: POM.local<br>X-MS-Exchange-Organization-AuthAs: Anonymous<br>### END FULL HEADER<br><br><br>-----Original Message-----<br>From: Armada Collective [<a href="mailto:armada.collective@gmail.com" target="_blank">mailto:armada.collective@gmail.com</a>] <br>Sent: Thursday, 7 July 2016 3:05 PM<br>To: Removed<br>Subject: ATTENTION: Ransom request!!!<br><br>FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!<br><br>We are Armada Collective.<br><br>All your servers 
will be DDoS-ed starting Saturday (Jul 9 2016) if you don't pay 5 Bitcoins @ 14T7TxDxhhpYtgNgrK1hpe4UsfULZDhFoC<br><br>When we say all, we mean all - users will not be able to access sites host with you at all.<br><br>Right now we will start 15 minutes attack on your site's IP X.X.X.X It will not be hard, we will not crash it at the moment to try to minimize eventual damage, which we want to avoid at this moment. It's just to prove that this is not a hoax. Check your logs!<br><br>If you don't pay by Saturday, attack will start, price to stop will increase by 5 BTC for every day of attack.<br><br>If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.<br><br>This is not a joke.<br><br>Our attacks are extremely powerful - sometimes over 1 Tbps per second. So, no cheap protection will help.<br><br>Prevent it all with just 5 BTC @ 14T7TxDxhhpYtgNgrK1hpe4UsfULZDhFoC<br><br>Do not reply, we will probably not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US!<br><br>Bitcoin is anonymous, nobody will ever know you cooperated.</div><div><br></div><div>———————————</div><div><br></div><div><br></div><br><div>
<span style="border-collapse:separate;line-height:normal;border-spacing:0px"><span style="font-weight:900"><span style="border-collapse:separate;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><span style="font-weight:900"><span style="border-collapse:separate;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><span style="font-weight:900"><span style="font-weight:800"><b><div style="font-weight:normal"><div style="color:rgb(0,0,0);font-family:Courier"><span style="border-collapse:separate;border-spacing:0px"><span style="font-family:'Default Sans Serif',Verdana,Arial,Helvetica,sans-serif;font-size:small"><font size="6" color="#002060" face="Times New Roman">apcs</font></span><span style="font-family:'Default Sans Serif',Verdana,Arial,Helvetica,sans-serif;font-size:small"><br style="font-family:verdana,helvetica,arial,sans-serif;font-size:12px"></span><span style="font-family:'Default Sans Serif',Verdana,Arial,Helvetica,sans-serif;font-size:small"><font size="2" face="Calibri"><b>Keith Anderson</b> </font></span><span style="font-family:'Default Sans Serif',Verdana,Arial,Helvetica,sans-serif;font-size:small"><b style="font-family:verdana,helvetica,arial,sans-serif;font-size:12px"><font size="3" color="#C0C0C0" face="Calibri">l</font></b></span><span style="font-family:'Default Sans Serif',Verdana,Arial,Helvetica,sans-serif;font-size:small"><font size="3" face="Calibri"> </font></span><span style="font-family:'Default Sans Serif',Verdana,Arial,Helvetica,sans-serif;font-size:small"><b style="font-family:verdana,helvetica,arial,sans-serif;font-size:12px"><font size="2" color="#002060" face="Calibri">Managing 
Director</font></b></span></span></div><div style="font-family:Courier"><span style="color:rgb(0,0,0);font-family:'Times New Roman',serif;font-size:16px"><b><span style="font-size:10pt;font-family:Calibri,sans-serif">AUS<span> </span></span></b><span style="font-size:10pt;font-family:Calibri,sans-serif"><b>Mobile.</b> <span style="color:rgb(0,32,96)"><a href="tel:%2B61%20400%20947%20947" value="+61400947947" target="_blank">+61 400 947 947</a> </span></span></span><b style="text-align:-webkit-auto"><div style="font-weight:normal;display:inline!important"><b style="font-family:Calibri,sans-serif;font-size:13px">Fax.<font color="#002060">  </font></b></div></b><b style="text-align:-webkit-auto"><div style="font-weight:normal;display:inline!important"><span style="color:rgb(0,32,96);font-family:Calibri,sans-serif;font-size:13px"><a href="tel:1300%207654%2027" value="+611300765427" target="_blank">1300 7654 27</a></span></div></b></div><div><font><b style="font-family:Helvetica"><div style="font-family:Courier;font-weight:normal"><span style="font-family:'Times New Roman',serif;font-size:16px"><b><span style="font-size:10pt;font-family:Calibri,sans-serif">PNG Phone.</span></b><span style="font-size:10pt;font-family:Calibri,sans-serif"> <span style="color:rgb(0,32,96)"><a href="tel:%2B675%20303%201236" value="+6753031236" target="_blank">+675 303 1236</a></span><span style="color:rgb(0,64,128)"> </span> <b>Mobile.</b> <span style="color:rgb(0,32,96)">+675 76 947 947 <b> </b></span><span style="color:rgb(0,64,128)"> </span><b>Fax.</b> <span style="color:rgb(0,32,96)"><a href="tel:%2B675%20325%209066" value="+6753259066" target="_blank">+675 325 9066</a></span></span></span></div></b></font><div style="color:rgb(0,0,0);font-family:Courier"><span style="font-family:'Times New Roman',serif;font-size:16px"><b><span style="font-size:10pt;font-family:Calibri,sans-serif">Email.</span></b><span style="font-size:10pt;font-family:Calibri,sans-serif"> </span></span><a 
href="mailto:keitha@apcs.com.au" target="_blank">keitha@apcs.com.au</a><span style="font-family:'Times New Roman',serif;font-size:16px"><span style="font-size:10pt;font-family:Calibri,sans-serif"> <b><span style="color:silver">l </span>Web. </b></span></span><b style="font-family:Helvetica;text-align:-webkit-auto"><div style="font-family:Courier;font-weight:normal;display:inline!important"><div style="display:inline!important"><a href="http://apcs.com.au/" target="_blank">www.apcs.com.au</a></div></div></b></div></div><div style="color:rgb(0,0,0);font-family:Courier"><br></div></div></b></span></span></span></span></span></span></span></div></div><br></div></div>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div>
<br></blockquote></div><br></div>