RedLineStealer botnet controller @65.108.104.175

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 65.108.104.175 on port 1193 TCP:
$ telnet 65.108.104.175 1193
Trying 65.108.104.175...
Connected to 65.108.104.175.
Escape character is '^]'

$ nslookup 65.108.104.175
65-108-104-175.serverhub.ru

Referencing malware samples (MD5 hash):
4f6b3a98f17a488dfdd4f772f98db4a8 — AV detection: 23 / 66 (34.85%)
63a6b243f662c2e36685ee567f20ff1a — AV detection: 24 / 65 (36.92%)
647e9a074f6be7f07fb15268dfb0851c — AV detection: 22 / 66 (33.33%)
8f70a0f45532261cb4df2800b141551d — AV detection: 37 / 67 (55.22%)
9dd40b4ef08a15952bd6456ecb4b82a6 — AV detection: 25 / 66 (37.88%)
b5b0b211db2cc4d5aafa0b369c651706 — AV detection: 24 / 67 (35.82%)
e46af5c55f731cd31ff780c7e6f66526 — AV detection: 25 / 65 (38.46%)

Posted in category hetzner.de
