Socelars botnet controller @185.169.252.236

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Socelars botnet controller located at 185.169.252.236 on port 80 (using HTTP POST):
hXXp://www.ekgcp.com/Home/Index/hdecny

$ dig +short www.ekgcp.com
185.169.252.236

$ nslookup 185.169.252.236
vmi803628.contaboserver.net

Referencing malware binaries (MD5 hash):
