OskiStealer botnet controller @172.67.136.167

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

OskiStealer botnet controller located at 172.67.136.167 on port 80 (using HTTP POST):
hXXp://modexdeals.ir/6.jpg

$ dig +short modexdeals.ir
172.67.136.167

Referencing malware binaries (MD5 hash):
44ac6fc2f8d02857f9d7a7bfde1e2376 — AV detection: 30 / 70 (42.86)
4ccf41724c4bb34e4c4cc22bc43eaf35 — AV detection: 15 / 66 (22.73)
5219c7030cdd135442d4f36ce5685e3f — AV detection: 24 / 67 (35.82)
7ba07a7931c391b48915913020d94368 — AV detection: 55 / 70 (78.57)
a128c5bc0609f0871555f4e66bb19717 — AV detection: 30 / 69 (43.48)
b111b18faad3cf644558f0a84ebea9b6 — AV detection: 40 / 70 (57.14)

Other malicious domain names hosted on this IP address:
newsrus.wiki 172.67.136.167
custommealbag.com 172.67.136.167
modexdeals.ir 172.67.136.167

Добавить комментарий

Ваш адрес email не будет опубликован.