RemcosRAT botnet controller @104.215.84.159

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 104.215.84.159 on port 2404 TCP:
$ telnet 104.215.84.159 2404
Trying 104.215.84.159...
Connected to 104.215.84.159.
Escape character is '^]'

Other malicious domain names hosted on this IP address:
dynasty1.ddns.net 104.215.84.159
dynasty2.ddns.net 104.215.84.159

Referencing malware samples:
MD5 29b98aa759304b796387924d12b62480
MD5 3d0f3dcc0df97c3a38c4daa4f6bf442a
MD5 d38b34dde7d35dce0e18e2d99c687420
