XpertRAT botnet controller @146.59.132.186

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 146.59.132.186 on port 4000 TCP:
$ telnet 146.59.132.186 4000
Trying 146.59.132.186...
Connected to 146.59.132.186.
Escape character is '^]'

$ nslookup 146.59.132.186
ip186.ip-146-59-132.eu

Other malicious domain names hosted on this IP address:
byx.z86.ru 146.59.132.186
cloudhost.myfirewall.org 146.59.132.186
kapasky-antivirus.firewall-gateway.net 146.59.132.186
sxzn.a4t.in 146.59.132.186

Referencing malware samples (MD5 hash):
20941a7b8f8dc7637c127f87b3f09ffb — AV detection: 20 / 68 (29.41%)
3f9dc016f6c22ed9a0303242adfab10a — AV detection: 19 / 68 (27.94%)
5fdb0c84675bc828b99b05fe4047de03 — AV detection: 18 / 67 (26.87%)
f6200b9b9789794de4a8d78f4ae96d22 — AV detection: 19 / 67 (28.36%)

Published in category ovh.net
