RedLineStealer botnet controller @147.135.248.206

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller that is used to control infected computers (bots) around the globe by means of a trojan horse.

Malware botnet controller located at 147.135.248.206 on port 22603 TCP:
$ telnet 147.135.248.206 22603
Trying 147.135.248.206...
Connected to 147.135.248.206.
Escape character is '^]'.

$ nslookup 147.135.248.206
2028.gra1.ovh.abcd.network

Referencing malware samples (MD5 hash):

Posted in category: ovh.net
