Socelars botnet controller @164.68.101.131

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Socelars botnet controller located at 164.68.101.131 on port 80 (using HTTP POST):
hXXp://www.ebooktype.com/Home/Index/lkdinl

$ dig +short www.ebooktype.com
164.68.101.131

$ nslookup 164.68.101.131
vmi808518.contaboserver.net

Referencing malware binaries (MD5 hash):
