RedLineStealer botnet controller @178.63.26.132

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 178.63.26.132 on port 29795 TCP:
$ telnet 178.63.26.132 29795
Trying 178.63.26.132...
Connected to 178.63.26.132.
Escape character is '^]'

$ nslookup 178.63.26.132
static.132.26.63.178.clients.your-server.de

Referencing malware samples (MD5 hash):
