AgentTesla botnet controller @35.213.167.255

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 35.213.167.255 on port 587 TCP:

From: info@tri2win.co.nz
To: boy92454@gmail.com

$ telnet 35.213.167.255 587
Trying 35.213.167.255...
Connected to 35.213.167.255.
Escape character is '^]'

$ nslookup 35.213.167.255
255.167.213.35.bc.googleusercontent.com

$ dig +short mail.tri2win.co.nz
35.213.167.255

Referencing malware samples:
