AgentTesla botnet controller @143.198.217.144

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 143.198.217.144 on port 587 TCP (SMTP to: merchandise@enche.com):
$ telnet 143.198.217.144 587
Trying 143.198.217.144…
Connected to 143.198.217.144.
Escape character is ‘^]’

$ nslookup 143.198.217.144
cloudgate.cloud-computing.expert

Other malicious domain names hosted on this IP address:
1twobuy.com 143.198.217.144
ahmadsyazwan.com 143.198.217.144
ckgraphic.com 143.198.217.144
dsara.com.my 143.198.217.144
dschazy.com 143.198.217.144
inspiratech.com.my 143.198.217.144
mail.enche.com 143.198.217.144
syazatravel.com 143.198.217.144
traxxmy.com 143.198.217.144

Referencing malware samples (MD5 hash):
178864c2a080b77431583cfc5a4b8552 — AV detection: 36 / 57 (63.16%)
196d632250658de8cb56a95743f48182 — AV detection: 25 / 68 (36.76%)
1dc30879f61f25eabd4deeb527d33df6 — AV detection: 22 / 58 (37.93%)
26a74d6056ceb3d932b2854c3b3e6dbb — AV detection: 40 / 57 (70.18%)
2e5a87baa8e2013240d642e75c4f31d3 — AV detection: 48 / 56 (85.71%)
4054bb4a5569703b91a0f08915bf7147 — AV detection: 31 / 57 (54.39%)
40ababb5c96159694768e112b69664eb — AV detection: 33 / 56 (58.93%)
45c92bbda0ccb9c9ca69e08563446b72 — AV detection: 32 / 57 (56.14%)
4f2bdafb9fd05dbfd4ce1053db3aa2a4 — AV detection: 38 / 56 (67.86%)
566531d8fff6c5f84053d14fcd788a73 — AV detection: 29 / 57 (50.88%)
6683b75cd59ae851ef4ce5cbc9c2a5a0 — AV detection: 35 / 57 (61.40%)
6e2427a12098bce4423295dfcd8aa5f0 — AV detection: 60 / 71 (84.51%)
71e217e832bd12c06b4bb036dec46843 — AV detection: 41 / 55 (74.55%)
7f373a7d33ad5d46c0436940613bc111 — AV detection: 41 / 57 (71.93%)
858223b5d0ba7dfa1ce4d82a457d7fd2 — AV detection: 36 / 57 (63.16%)
885c3e9fbf795a9c7af0952b21d69e8e — AV detection: 41 / 57 (71.93%)
8c8444cf156c67387a67336d4dd35d2d — AV detection: 47 / 57 (82.46%)
8f5623e7a3e838a162b9e6ba36393958 — AV detection: 20 / 69 (28.99%)
974cf9ec9967e911ef3361332fa2e6ab — AV detection: 47 / 57 (82.46%)
9fd680982fd5883884362ac0b7bd8af8 — AV detection: 55 / 72 (76.39%)
a64f60ef1fa3c6edc0f5111d6b528a89 — AV detection: 32 / 57 (56.14%)
af749eeddbd6567b98e6319675515538 — AV detection: 38 / 57 (66.67%)
b938cbb5ba432954c86b085f0636c274 — AV detection: 33 / 68 (48.53%)
bfe7bf7414c3bc21b0311dfbd0dd7d5e — AV detection: 46 / 69 (66.67%)
c3fde565bd18e8a7cf47ef646517ad61 — AV detection: 65 / 73 (89.04%)
c6b675ef57cccafea743f151b99f7ab0 — AV detection: 37 / 53 (69.81%)
ccac4be723c2f74a172fa7e152ea93e7 — AV detection: 30 / 57 (52.63%)
dad5d76c685de53d87abae15b0679ed9 — AV detection: 62 / 71 (87.32%)
db493f1cb7b371fa287839d9a2c9f7b9 — AV detection: 36 / 57 (63.16%)
e170471c3c3e422877fc35e230dacef9 — AV detection: 41 / 55 (74.55%)
f2083310c7680987e6d678b6d38dc9c8 — AV detection: 48 / 70 (68.57%)
f38c1c6fb41ab086dbb2dcb3d5eb9283 — AV detection: 25 / 68 (36.76%)
fc3540c23ff10ffa3162fdf5e8576d6d — AV detection: 42 / 56 (75.00%)

Добавить комментарий

Ваш адрес email не будет опубликован.