RedLineStealer botnet controller @168.119.104.184

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 168.119.104.184 on port 22192 TCP:
$ telnet 168.119.104.184 22192
Trying 168.119.104.184...
Connected to 168.119.104.184.
Escape character is '^]'

$ nslookup 168.119.104.184
static.184.104.119.168.clients.your-server.de

Referencing malware samples (MD5 hash):
