RaccoonStealer botnet controller @172.67.190.94

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

RaccoonStealer botnet controller located at 172.67.190.94 on port 80 (using HTTP GET):
hXXp://telegin.top/agrybirdsgamerept

$ dig +short telegin.top
172.67.190.94

Referencing malware binaries (MD5 hash):

Other malicious domain names hosted on this IP address:
xn--73-emcdgdk.xn--p1ai 172.67.190.94
www.liftonline.org 172.67.190.94
ibislk.com 172.67.190.94
telegin.top 172.67.190.94
