AsyncRAT botnet controller @3.121.139.82

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 3.121.139.82 on port 19858 TCP:
$ telnet 3.121.139.82 19858
Trying 3.121.139.82…
Connected to 3.121.139.82.
Escape character is ‘^]’

$ nslookup 3.121.139.82
ec2-3-121-139-82.eu-central-1.compute.amazonaws.com

$ dig +short 4.tcp.eu.ngrok.io
3.121.139.82

Referencing malware samples (MD5 hash):
42eff4a99a06c13b8023609232afd907 — AV detection: 41 / 67 (61.19%)
453726e0a75a062ac2faffded0393d28 — AV detection: 59 / 71 (83.10%)
995d57539cbac63f55a993716171df80 — AV detection: 43 / 70 (61.43%)
a83a901db24f9f4fd4e2904796528035 — AV detection: 59 / 71 (83.10%)
d9cd4fda3963a61e81375dd6d98525ea — AV detection: 59 / 70 (84.29%)
dafd8c207e64361f45d6eb37bb408079 — AV detection: 62 / 71 (87.32%)

Опубликовано
В рубрике amazon.com

Добавить комментарий

Ваш адрес email не будет опубликован.