SteamStealer IP visualisations

Just for fun I decided to visualise all SteamStealer IPs I’ve encountered (till now). These IPs host multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others. Some may also serve as a C&C for the malware, or host fake gambling/lottery websites.

Additional information can be found on my blog:
Malware spreading via Steam chat

Additionally, be sure to read the paper I wrote with Santiago from Kaspersky about SteamStealers here: The evolution of malware targeting Steam accounts and inventory

Now for the fun part:


View SteamStealer IPs in a full screen map

Alternatively, check out the following map and stats:

Country Count
Russian Federation 163
United Kingdom 19
Netherlands 18
United States 14
Germany 9
Ukraine 6
France 6
Poland 4
Romania 1
Italy 1
Czech Republic 1
Canada 1
Australia 1
Belarus 1
Belize 1
Kazakhstan 1
Virgin Islands, British 1
Spain 1
Moldova, Republic of 1

As you can see, most of them are hosted in Russia, while the United Kingdom and the Netherlands rank second and third respectively.

Note: CloudFlare is increasingly used to ‘hide’ the real server IP address. CloudFlare IPs are not included.
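
One way to reproduce a per-country tally like the one above while leaving CloudFlare addresses out, as an added example (not the author's tooling). It assumes the IOC list has already been geolocated into an ip,country CSV; the function name, CSV layout and sample rows are constructed for illustration, and the CloudFlare ranges are a subset of the provider's published list.

```python
import csv
import io
import ipaddress
from collections import Counter

# Subset of CloudFlare's published IPv4 ranges (assumption: refresh from the
# provider's current list before real use).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18", "108.162.192.0/18",
    "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13")]

# Constructed sample: documentation-range addresses with made-up country
# labels, two addresses inside CloudFlare ranges, a duplicate and a bad row.
SAMPLE_CSV = """ip,country
192.0.2.10,Russian Federation
192.0.2.11,Russian Federation
198.51.100.7,Netherlands
203.0.113.5,United Kingdom
192.0.2.10,Russian Federation
104.16.1.1,United States
172.64.3.4,United States
not-an-ip,Germany
"""

def tally_by_country(csv_text):
    """Count unique, non-CloudFlare IPs per country; report what was skipped."""
    counts, seen = Counter(), set()
    skipped = {"cloudflare": 0, "invalid": 0, "duplicate": 0}
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            addr = ipaddress.ip_address(row["ip"].strip())
        except ValueError:
            skipped["invalid"] += 1  # malformed indicator, keep it out of the map
            continue
        if addr in seen:
            skipped["duplicate"] += 1  # same IP seen in several campaigns
            continue
        seen.add(addr)
        if any(addr in net for net in CLOUDFLARE_NETS):
            skipped["cloudflare"] += 1  # proxy edge, not the real hosting location
            continue
        counts[row["country"].strip()] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = tally_by_country(SAMPLE_CSV)
    for country, n in counts.most_common():
        print(country, n)
    print("skipped:", skipped)
```

Reporting the skipped counts alongside the tally shows how much of the list sits behind a proxy and therefore says nothing about where the server is really hosted.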

That’s about it, hope you enjoyed! Below are the tools used to create the mapping.

Resources

Geomapping:
Batchgeo
GIPC

Data:
SteamStealer IPs IOCs

This is a Security Bloggers Network syndicated blog post authored by Bart. Read the original post at: Blaze's Security Blog