Malware distribution & malware botnet controllers @31.184.249.165

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

ArkeiStealer botnet controller located at 31.184.249.165 on port 80 (using HTTP GET):
hXXp://file-file-host4.com/tratata.php

file-file-host4.com. 600 IN A 31.184.249.165

Smoke Loader botnet controller located at 31.184.249.165 on port 80 (using HTTP POST):
hXXp://file-file-host8.com/
hXXp://host-data-coin-11.com/
hXXp://xacokuo80.top/

file-file-host8.com. 600 IN A 31.184.249.165
host-data-coin-11.com. 600 IN A 31.184.249.165
xacokuo80.top. 600 IN A 31.184.249.165

Referencing malware binaries (MD5 hash):
16a32ce5e3bde626c4fe08878a2c3682 — AV detection: 26 / 68 (38.24)
1a430b2cbf785427c87c48d29a1a8c0f — AV detection: 22 / 67 (32.84)
202bc5b030fc0306cf72d3306f433928 — AV detection: 24 / 65 (36.92)
26165302478a39d7ca70abd8e369bb05 — AV detection: 31 / 66 (46.97)
26d31ce0fc2ba0f3aee8529f67787223 — AV detection: 27 / 64 (42.19)
2b4a85d03c7b1c9ca599019200fa9e5c — AV detection: 27 / 66 (40.91)
2eaa991a2b7b5ea47800ef7e5153acdc — AV detection: 29 / 65 (44.62)
38e0f6c481c79f84af0ebd5027602461 — AV detection: 21 / 66 (31.82)
45d0a6bb2ca00643fb04bf15d4aaa2c9 — AV detection: 25 / 67 (37.31)
4843b0cede3112c04cb502eadbfd80e8 — AV detection: 21 / 65 (32.31)
4a27646088db2ffe181eb8c9721711e8 — AV detection: 34 / 68 (50.00)
514a800cb2fbff3d7ab9797b7af2bc14 — AV detection: 35 / 69 (50.72)
52ec044c9c50debd01e75b103f8199d1 — AV detection: 25 / 60 (41.67)
6d05754d8c2993ed551bfd3370e3ef36 — AV detection: 31 / 66 (46.97)
72f69507299003c9ca9638223bf1ef8f — AV detection: 24 / 67 (35.82)
8f795c01f7687bb7a220d444006b83fd — AV detection: 24 / 67 (35.82)
9864b9fac47e9f7413ad94af41d94d6a — AV detection: 24 / 66 (36.36)
a2c4c8300b203e6a0f5cf77ddb80577b — AV detection: 24 / 67 (35.82)
a94d587fe657b2b71f833c1af0c6ad66 — AV detection: 22 / 67 (32.84)
c6e5298f945f91851744f96ee16412e5 — AV detection: 32 / 68 (47.06)
c76db0c0032f058497d6e55363464cfd — AV detection: 33 / 68 (48.53)
cfccc013dbe859369df6338ac03385bb — AV detection: 24 / 66 (36.36)
d2331edf10b3c0e6a5c8fec0a1a6392e — AV detection: 23 / 67 (34.33)
eba42a51610556af306bba1f5af665dc — AV detection: 22 / 67 (32.84)
ffb7cfdccabbb77ff09bc1e4f03d1e35 — AV detection: 24 / 67 (35.82)
ffc53ea16d7e7d734131aeea8e53ae3c — AV detection: 23 / 66 (34.85)

Malware distribution located here:
hXXp://privacy-tools-for-you-777.com/downloads/toolspab2.exe

privacy-tools-for-you-777.com. 600 IN A 31.184.249.165

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 31.184.249.165 on port 443:
$ telnet 31.184.249.165 443
Trying 31.184.249.165…
Connected to 31.184.249.165.
Escape character is ‘^]’

Additional malicious domains observed at this IP address:
file-file-host4.com. 600 IN A 31.184.249.165
file-file-host8.com. 600 IN A 31.184.249.165
host-data-coin-11.com. 600 IN A 31.184.249.165
host-file-coin-4.com. 600 IN A 31.184.249.165
host-file-host-3.com. 600 IN A 31.184.249.165
privacy-tools-for-you-777.com. 600 IN A 31.184.249.165
privacytoolzfor-you7000.com. 600 IN A 31.184.249.165
stats404.info. 600 IN A 31.184.249.165
xacokuo80.top. 600 IN A 31.184.249.165

Опубликовано
В рубрике selectel.ru

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *