njrat botnet controller @34.89.104.171

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 91.109.188.3 on port 5050 TCP:
$ telnet 34.89.104.171 5050
Trying 34.89.104.171…
Connected to 34.89.104.171.
Escape character is ‘^]’

milla.publicvm.com. 120 IN A 34.89.104.171

$ nslookup 34.89.104.171
171.104.89.34.bc.googleusercontent.com

Referencing malware samples (MD5 hash):
36d2dbb072950a747396e767ad1f3925 — AV detection: 59 / 72 (81.94%)
a103992b5dc6efbde96402eec46bf0aa — AV detection: 63/71 (88.73%)
a4030e70f57258854c51e818651a3db4 — AV detection: 38/71 (53.52%)
a7fe344d5a4da735f290bf6985035cfb — AV detection: 10 / 69 (14.49%)

Опубликовано
В рубрике google.com

Добавить комментарий

Ваш адрес email не будет опубликован.