AgentTesla botnet controller @35.206.125.238

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 35.206.125.238 on port 587 TCP:

From: duke@rexpo.com
To: duke@rexpo.com

$ telnet 35.206.125.238 587
Trying 35.206.125.238…
Connected to 35.206.125.238.
Escape character is ‘^]’

$ nslookup 35.206.125.238
238.125.206.35.bc.googleusercontent.com

$ dig +short c67976.sgvps.net
35.206.125.238

Referencing malware samples:
MD5 21a5450a6d10d7826dc34b3b09901596
MD5 4c3470830f35f075711ec37607b7a7e4
MD5 56ffe47abc7e3cf025fc80d75cfd4747
MD5 a5d6d8493b5e1e9bb8e6f032805e2850

Опубликовано
В рубрике google.com

Добавить комментарий

Ваш адрес email не будет опубликован.