TrickBot botnet controller @172.104.241.29

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 172.104.241.29 on port 443 TCP:
$ telnet 172.104.241.29 443
Trying 172.104.241.29…
Connected to 172.104.241.29.
Escape character is ‘^]’

$ nslookup 172.104.241.29
li1817-29.members.linode.com

Referencing malware samples (MD5 hash):
2f35bcb851fadaa26201ff9345eeedac — AV detection: 35 / 69 (50.72%)
3c2ba1f1c4a14d708acc39a67824e65f — AV detection: 18 / 70 (25.71%)
562255c763893489cbf2836620322d05 — AV detection: 46 / 70 (65.71%)
9f9c36bdc97ac1f0fd3a08a5e2c6f287 — AV detection: 22 / 68 (32.35%)
a6fedffa64bd937c0b1a183549c482bb — AV detection: 41 / 69 (59.42%)
e34c7bb24a752644de21c1c1a921e74b — AV detection: 41 / 69 (59.42%)

Опубликовано
В рубрике linode.com

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *