DCRat botnet controller @141.8.195.104

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 141.8.195.104 on port 80 (using HTTP GET):
hXXp://f0653783.xsph.ru/Dark.php

$ dig +short f0653783.xsph.ru
141.8.195.104

$ nslookup 141.8.195.104
einherjar.from.sh

Referencing malware binaries (MD5 hash):
c9586ef07c741e4a06eef3fa6e66e165 — AV detection: 31 / 69 (44.93)

Other malicious domain names hosted on this IP address:
l2noo.ru 141.8.195.104
f0653783.xsph.ru 141.8.195.104

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *