AsyncRAT botnet controller @194.195.211.26

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 194.195.211.26 on port 4044 TCP:
$ telnet 194.195.211.26 4044
Trying 194.195.211.26...
Connected to 194.195.211.26.
Escape character is '^]'

Other malicious domain names hosted on this IP address:
www.ommi-it.com 194.195.211.26

Referencing malware samples (MD5 hash):
