QuasarRAT botnet controller @209.126.85.216

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 209.126.85.216 on port 9632 TCP:
$ telnet 209.126.85.216 9632
Trying 209.126.85.216…
Connected to 209.126.85.216.
Escape character is ‘^]’

$ nslookup 209.126.85.216
vmi581430.contaboserver.net

Referencing malware samples (MD5 hash):
5e8124a56573716b68d01d7829222099 — AV detection: 38 / 68 (55.88%)
74ef7d7f4aad8c60a09e7ee99daf2487 — AV detection: 32 / 68 (47.06%)
c2a5c207af19956dd86ec22506969d32 — AV detection: 55 / 69 (79.71%)

Опубликовано
В рубрике contabo.de

Добавить комментарий

Ваш адрес email не будет опубликован.