RemcosRAT botnet controller @54.37.160.139

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 54.37.160.139 on port 5467 TCP:
$ telnet 54.37.160.139 5467
Trying 54.37.160.139...
Connected to 54.37.160.139.
Escape character is '^]'

$ nslookup 54.37.160.139
ip139.ip-54-37-160.eu

Referencing malware samples:
