TrickBot botnet controller @172.105.15.152

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 172.105.15.152 on port 443 TCP:
$ telnet 172.105.15.152 443
Trying 172.105.15.152...
Connected to 172.105.15.152.
Escape character is '^]'

$ nslookup 172.105.15.152
li1970-152.members.linode.com

Referencing malware samples (MD5 hash):
