DCRat botnet controller @77.246.158.136

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 77.246.158.136 on port 80 (using HTTP GET):
hXXp://77.246.158.136/62Api/flower/ApiVoiddb/track/DumpLongpollJsMariadb/VoiddbWordpress/flower/6/DatalifelocalFlower/1python/DlePhpSql/Temporary5Default/Video/Pythonmulti4/EternallinuxGeneratorTemp.php

$ nslookup 77.246.158.136
akksvina12.fvds.ru

Referencing malware binaries (MD5 hash):
a7b9245f75fe9a8c0cfea633cf4685c5 — AV detection: 47 / 69 (68.12)
b3550b64f4528b7b6d55990fd6a87c91 — AV detection: 45 / 68 (66.18)
b494a2dfaf44b4b876877ad2b2dcd0d1 — AV detection: 38 / 62 (61.29)
c4462141e2735c6aea3819871b1a4d27 — AV detection: 49 / 69 (71.01)
cc436895ceff069d59814cd7bf7491a1 — AV detection: 49 / 69 (71.01)
dc0e448278e0549cb1e5bb094e972555 — AV detection: 50 / 69 (72.46)

Добавить комментарий

Ваш адрес email не будет опубликован.