Smoke botnet controller and malware distribution @45.8.124.53

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Smoke Loader botnet controller located at 45.8.124.53 on port 80 (using HTTP POST):
hXXp://file-coin-host-12.com/

file-coin-host-12.com. 600 IN A 45.8.124.53

Referencing malware binaries (MD5 hash):
709cdc8f1ffceb73206dec78221d895e — AV detection: 23 / 67 (34.33)
9fe895c3631429459b128bff1cb6f948 — AV detection: 20 / 66 (30.30)
d0f36dcf733939b17f962b83082e15b1 — AV detection: 23 / 67 (34.33)

Malware distribution located here:
hXXp://file-coin-coin-10.com/files/3668_1644349684_8220.exe
hXXp://privacy-tools-for-you-792.com/downloads/toolspab2.exe
hXXp://privacy-tools-for-you-793.com/downloads/toolspab2.exe

file-coin-coin-10.com. 600 IN A 45.8.124.53
privacy-tools-for-you-792.com. 600 IN A 45.8.124.53
privacy-tools-for-you-793.com. 600 IN A 45.8.124.53

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 45.8.124.53 on port 443:
$ telnet 45.8.124.53 443
Trying 45.8.124.53...
Connected to 45.8.124.53.
Escape character is '^]'

Additional malicious domains observed at this IP address:

Published in category selectel.ru