DCRat botnet controller @176.9.31.109

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 176.9.31.109 on port 3674 TCP:
$ telnet 176.9.31.109 3674
Trying 176.9.31.109...
Connected to 176.9.31.109.
Escape character is '^]'

$ nslookup 176.9.31.109
static.109.31.9.176.clients.your-server.de

Referencing malware samples (MD5 hash):
55231926e74063b6a50f6588a46976bb — AV detection: 51 / 70 (72.86%)
b4e823e0081d56e012995420a9d6427c — AV detection: 33 / 68 (48.53%)
f70b81d5fee3288200087ff719d56307 — AV detection: 12 / 68 (17.65%)
