RedLineStealer botnet controller @37.230.112.47

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 37.230.112.47 on port 36265 TCP:
$ telnet 37.230.112.47 36265
Trying 37.230.112.47…
Connected to 37.230.112.47.
Escape character is ‘^]’

$ nslookup 37.230.112.47
darkwppp.fvds.ru

Referencing malware samples (MD5 hash):
0bea974fca09703496dcca41ce759790 — AV detection: 45 / 68 (66.18%)
32df2eb9a83b1a97096aa403b6e5ce3f — AV detection: 41 / 63 (65.08%)
55be20f1af1c7d49de571c14d1c1583b — AV detection: 25 / 68 (36.76%)
5abf967f514466318c8786cd77a4e280 — AV detection: 39 / 69 (56.52%)
8e0d32c0195d67c5b2df608595e25992 — AV detection: 39 / 67 (58.21%)
a7595a0b8207dbf31c7c37b89fa2a05d — AV detection: 20 / 67 (29.85%)
c25a518c65ab90615c639a1e036abf6c — AV detection: 34 / 68 (50.00%)
ca2976f807a5b45f8df607ea161e3d08 — AV detection: 34 / 68 (50.00%)
e3412420d3686942210ce38878f2cea8 — AV detection: 34 / 68 (50.00%)
ede7812d29098515836754ed757358e1 — AV detection: 22 / 67 (32.84%)

Добавить комментарий

Ваш адрес email не будет опубликован.