Socelars botnet controller @45.94.58.223

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Socelars botnet controller located at 45.94.58.223 on port 80 (using HTTP POST):
hXXp://www.uspzsx.com/Home/Index/djksye

$ dig +short www.uspzsx.com
45.94.58.223

$ nslookup 45.94.58.223
vmi771097.contaboserver.net

Referencing malware binaries (MD5 hash):
6c62c3b2cea83e0a561b243b90a5d72d — AV detection: 55 / 67 (82.09)
7ebf41b7e0d24473f2ad0b25e354f615 — AV detection: 43 / 68 (63.24)
8f70a0f45532261cb4df2800b141551d — AV detection: 37 / 67 (55.22)
971e01647fbdc05bef3df71b008e2ca6 — AV detection: 45 / 70 (64.29)
abb7c14fd13fd3c288bcdcdc7b7adb3a — AV detection: 40 / 68 (58.82)
af88161d9633889f704f0ca2622f7c7a — AV detection: 30 / 68 (44.12)
