TrickBot botnet controller @139.162.182.54

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 139.162.182.54 on port 443 TCP:
$ telnet 139.162.182.54 443
Trying 139.162.182.54…
Connected to 139.162.182.54.
Escape character is ‘^]’

$ nslookup 139.162.182.54
li1499-54.members.linode.com

Referencing malware samples (MD5 hash):
48002542747a028852b503cca538ccd3 — AV detection: 37 / 70 (52.86%)
48f73f44a67195eeaaad894137aecfed — AV detection: 40 / 68 (58.82%)
4aca899ff680343889bd9e2d616f1132 — AV detection: 9 / 70 (12.86%)
648ca5a2d8b3556cbb32d2920c46c94b — AV detection: 25 / 70 (35.71%)
6a56e9c66beb428f1cb669f1aaf4a22e — AV detection: 36 / 69 (52.17%)
75c9499ca1665c2352bb0415fce39dd5 — AV detection: 40 / 69 (57.97%)
9b3ace88af7f21118f311d891d4cac94 — AV detection: 32 / 71 (45.07%)
a18f7bcd77c99e098532cabd5021fe4b — AV detection: 28 / 70 (40.00%)
a648f287ded01899c5018bf6a0c919ea — AV detection: 17 / 71 (23.94%)
a880e4e346f032c1e200ce808e5cbf9f — AV detection: 21 / 71 (29.58%)
ac96e06becd5b524100bf5ca757ea079 — AV detection: 37 / 70 (52.86%)
c2aacfd024500cc7f6a7b5e33a2e9e6b — AV detection: 36 / 69 (52.17%)
ed7e85eaa6b885ed70c22b014da392c8 — AV detection: 27 / 70 (38.57%)
fe58d74c44660f3abd7a4a7c72b21c72 — AV detection: 36 / 66 (54.55%)

Опубликовано
В рубрике linode.com

Добавить комментарий

Ваш адрес email не будет опубликован.