RedLineStealer botnet controller @95.216.16.35

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 95.216.16.35 on port 80 TCP:
$ telnet 95.216.16.35 80
Trying 95.216.16.35...
Connected to 95.216.16.35.
Escape character is '^]'

$ nslookup 95.216.16.35
static.35.16.216.95.clients.your-server.de

Referencing malware samples (MD5 hash):
