RemoteManipulator botnet controller @185.175.44.167

===== Rolled forward as ongoing from SBL SBL500795, created 2020-11-04. ====
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 185.175.44.167 on port 5655 TCP:
$ telnet 185.175.44.167 5655
Trying 185.175.44.167...
Connected to 185.175.44.167.
Escape character is '^]'

$ dig +short rms-server.tektonit.ru
185.175.44.167

Referencing malware samples (MD5 hash):

Filed under: selectel.ru