RaccoonStealer botnet controller @34.91.203.83

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 34.91.203.83 on port 443 TCP:
$ telnet 34.91.203.83 443
Trying 34.91.203.83...
Connected to 34.91.203.83.
Escape character is '^]'

$ nslookup 34.91.203.83
83.203.91.34.bc.googleusercontent.com

$ dig +short fabulouscityofbruges.top
34.91.203.83

Referencing malware samples (MD5 hash):
