RedLineStealer botnet controller @135.181.171.9

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 135.181.171.9 on port 45918 TCP:
$ telnet 135.181.171.9 45918
Trying 135.181.171.9...
Connected to 135.181.171.9.
Escape character is '^]'

$ nslookup 135.181.171.9
static.9.171.181.135.clients.your-server.de

Referencing malware samples (MD5 hash):
