The MMD's "Tango Down" project archive

March 8, 2017, 7:20:00 AM

This page archives the projects initiated and coordinated directly by the MalwareMustDie team (MMD) across several threat-research branches to take down malware infrastructure (we call this project "Tango Down"). The data is sorted by date and ranges from MMD's early establishment (2012) to 2016. The project is led by @esachin, who is still active in takedown coordination.

From mid 2016 to mid 2017 the projects escalated beyond our resources, so we could not record them properly, but the takedown coordination was carried out after each analysis post was published. Some of those announcements were published on the private Twitter account of @malwaremustdie. So far the total number of bad infrastructure items taken down (suspended, locked, cleaned up, etc.) exceeds 30,000 bad domains, including IP addresses.

Due to the high load of this operation, the coordination scheme of the project changed in 2017: the projects continue as escalations into an incident response workflow, passed as IOC/STIX2 for intake by the Abuse, SIRT/CSIRT or CERT team responsible for the related internet services. We focus on the analysis reports that supply the technical evidence for those escalations.

Below is the archive of the takedown projects recorded in the early stage, about 8,000+ takedowns, before the number escalated sharply:

Date      Link  Amount               Description
20121225  LINK  194                  Multiple-verdict malware domains takedown
20121226  LINK  140                  Blackhole EK domains takedown
20130325  LINK  22                   Sweet Orange EK domains takedown
20130326  LINK  240                  Sofos EK domains takedown
20130629  LINK  61                   Blackhole EK ("closest") domains takedown
20131105  LINK  10 domains, 54 IPs   Necurs campaign Cridex+Fareit ("*.RU:8080/*/column .php") infrastructure takedown
20130725  LINK  97                   Kelihos botnet C2 domains takedown
20130808  LINK  113                  Kelihos botnet C2 domains takedown
20131113  LINK  138                  CryptoLocker ransomware domains takedown
20131203  LINK  2989                 Kelihos botnet C2 domains takedown
20140915  LINK  85                   Various China ELF malware C2 takedown
20160805  LINK  3917                 Neutrino+Angler EK (maykoe@list .ru) domains takedown