RedLineStealer botnet controller @95.216.21.217

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 95.216.21.217 on port 19597 TCP:
$ telnet 95.216.21.217 19597
Trying 95.216.21.217...
Connected to 95.216.21.217.
Escape character is '^]'

$ nslookup 95.216.21.217
95-216-21-217.serverhub.ru

Referencing malware samples (MD5 hash):

Posted in category hetzner.de
