GCleaner botnet controller @185.231.245.232

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

GCleaner botnet controller located at 185.231.245.232 on port 80 (using HTTP GET):
hXXp://postbackstat.biz/check.php

Malware botnet controller at 185.231.245.232 on port 443.
$ telnet 185.231.245.232 443
Trying 185.231.245.232…
Connected to 185.231.245.232.
Escape character is ‘^]’

forwardstorage.biz. 60 IN A 185.231.245.232
postbackstat.biz. 60 IN A 185.231.245.232

Referencing malware binaries (MD5 hash):
0667ace8cf940d7d56d3aa7ed7fe87e2 — AV detection: 46 / 69 (66.67)
71412e1e9139ef39f99cd61dd34b1122 — AV detection: 26 / 68 (38.24)
7aa969fdffd0eb3a6d909fb1ef6a5a4c — AV detection: 36 / 68 (52.94)
975b12b1a5eb94546bc03a18990fc10c — AV detection: 47 / 69 (68.12)
9d12dce28ca94fad977d57b1109941d3 — AV detection: 25 / 69 (36.23)
a19de5d2a094b016b22dfda4c2138003 — AV detection: 53 / 68 (77.94)
ac6a9f8a35c38551bd674f7a2e840054 — AV detection: 42 / 69 (60.87)
b0fd10ea697a84d539bea9739ac866f0 — AV detection: 28 / 61 (45.90)
b3a714b786ef46b7676e68e6dd68a389 — AV detection: 54 / 69 (78.26)
bab4569b91afc1b8e96f1f39708c41bd — AV detection: 45 / 65 (69.23)
bc9bcb032e5015bf47efe154f0e6a206 — AV detection: 38 / 68 (55.88)
e4c99dcc117b45dbd02c49723df0e5da — AV detection: 48 / 69 (69.57)

Опубликовано
В рубрике team-host.ru

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *