RedLineStealer botnet controller @142.132.184.130

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 142.132.184.130 on port 15150 TCP:
$ telnet 142.132.184.130 15150
Trying 142.132.184.130…
Connected to 142.132.184.130.
Escape character is ‘^]’

$ nslookup 142.132.184.130
static.130.184.132.142.clients.your-server.de

Referencing malware samples (MD5 hash):
0cdc6b111c1ad45faca50a3772e7b394 — AV detection: 24 / 69 (34.78%)
3c5469525a6671937480ccebc7232857 — AV detection: 49 / 69 (71.01%)
4fca3668e0836b3e9432874e491a23c4 — AV detection: 41 / 69 (59.42%)
a2cf8b69509c6daf5bbe6956182a9dee — AV detection: 26 / 67 (38.81%)
b759cfc6e1d7c1bd10a273ed67987669 — AV detection: 28 / 63 (44.44%)
c4d77784ddfc0e376b6cb6fa654a4f8d — AV detection: 28 / 69 (40.58%)

Опубликовано
В рубрике hetzner.de

Добавить комментарий

Ваш адрес email не будет опубликован.