Smoke botnet controller and malware distribution @193.124.118.116

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Smoke Loader botnet controller located at 193.124.118.116 on port 80 (using HTTP POST):
hXXp://file-coin-host-12.com/

file-coin-host-12.com. 600 IN A 193.124.118.116

Referencing malware binaries (MD5 hash):
709cdc8f1ffceb73206dec78221d895e — AV detection: 23 / 67 (34.33)
9fe895c3631429459b128bff1cb6f948 — AV detection: 20 / 66 (30.30)
d0f36dcf733939b17f962b83082e15b1 — AV detection: 23 / 67 (34.33)

Malware distribution located here:
hXXp://privacy-tools-for-you-782.com/downloads/toolspab2.exe
hXXp://privacy-tools-for-you-783.com/downloads/toolspab2.exe

privacy-tools-for-you-782.com. 600 IN A 193.124.118.116
privacy-tools-for-you-783.com. 600 IN A 193.124.118.116

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 193.124.118.116 on port 443:
$ telnet 193.124.118.116 443
Trying 193.124.118.116...
Connected to 193.124.118.116.
Escape character is '^]'

Additional malicious domains observed at this IP address:
coin-file-file-19.com. 600 IN A 193.124.118.116
file-coin-host-12.com. 600 IN A 193.124.118.116
file-file-host8.com. 600 IN A 193.124.118.116
privacy-tools-for-you-782.com. 600 IN A 193.124.118.116
privacy-tools-for-you-783.com. 600 IN A 193.124.118.116
stats404.info. 600 IN A 193.124.118.116
