RedLineStealer botnet controller @51.254.187.177

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 51.254.187.177 on port 3705 TCP:
$ telnet 51.254.187.177 3705
Trying 51.254.187.177...
Connected to 51.254.187.177.
Escape character is '^]'

$ dig +short thistrespor.ru
51.254.187.177

Referencing malware samples (MD5 hash):
174620eedb3336c594a3be1bfa80113e — AV detection: 35 / 64 (54.69%)
8c90ab4abca051e12e9cc200dd7dbecc — AV detection: 14 / 69 (20.29%)
a3d1c55166e58063853750cb24300f4e — AV detection: 28 / 70 (40.00%)
a5e5a1eced0d4c79a7b80cb53dcf8045 — AV detection: 19 / 69 (27.54%)
ab4515ea9573a0e121ad09f676e2b68c — AV detection: 21 / 69 (30.43%)
b0439e841b73c292ec2bbc03ebba866b — AV detection: 17 / 70 (24.29%)
ea314df9110e5e4615a4a64c9e3f3ca2 — AV detection: 19 / 70 (27.14%)
f59b9242b9eeefbed252063fc3f7f67e — AV detection: 18 / 70 (25.71%)

Filed under: ovh.net
