njrat botnet controller @20.50.121.62

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 20.50.121.62 on port 1604 TCP:
$ telnet 20.50.121.62 1604
Trying 20.50.121.62…
Connected to 20.50.121.62.
Escape character is ‘^]’

$ dig +short arda3369.duckdns.org
20.50.121.62

Referencing malware samples (MD5 hash):
4d5557e06c5f50770d5a94aa8bb8f6c5 — AV detection: 36 / 62 (58.06%)

Добавить комментарий

Ваш адрес email не будет опубликован.