MalwareBazaar Database

abuse_ch

Malspam distributing njrat:

HELO: smtp1-01.brain.net.pk
Sending IP: 203.128.3.25
From: wonhar <wonhar@brain.net.pk>
Reply-To: <ayala22mark@gmail.com>
Subject: ULTITEC COVID 19 PROTECTIVE CLOTHING
Attachment: NJULTITEC73BK39JV5295e9SCkYZKj5REvK.7z (contains "NJULTITEC73BK39JV5295e9SCkYZKj5REvK.exe")

NjRAT C2:
185.165.153.215:5552

Hosted on nvpn:

% Information related to '185.165.153.0 - 185.165.153.255'

% Abuse contact for '185.165.153.0 - 185.165.153.255' is 'abuse@privacy-matters.co'

inetnum: 185.165.153.0 - 185.165.153.255
netname: PRIVACY_MATTERS
remarks: This prefix belongs to a VPN service provider.
remarks: For us the privacy of our customers matters, which means we store no logs
remarks: related to any IP addresses.
remarks: Spamhaus, please note that blacklisting the clean prefixes of our hosting
remarks: partners and upstream providers is an act of coercion and will no longer
remarks: be tolerated.
remarks: Coercion is punishable by a custodial sentence or by a monetary penalty.
remarks: If you continue such practice we will not only take legal actions against
remarks: your organization, but also make such blackmailing attempts public in the
remarks: media.
country: AT
admin-c: PMVS3-RIPE
tech-c: PMVS3-RIPE
org: ORG-PMVS1-RIPE
status: ASSIGNED PA
mnt-by: PM-MNT
created: 2019-10-18T12:14:26Z
last-modified: 2019-10-18T13:31:16Z
source: RIPE

organisation: ORG-PMVS1-RIPE
org-name: Privacy Matters VPN service
org-type: OTHER
address: 87 Chemin Le Niol, Beau Vallon, Mah�, Seychelles
admin-c: PMVS3-RIPE
tech-c: PMVS3-RIPE
abuse-c: PMVS3-RIPE
mnt-ref: PM-MNT
mnt-by: PM-MNT
created: 2019-10-17T08:39:32Z
last-modified: 2019-10-18T12:49:58Z
source: RIPE # Filtered

role: Privacy Matters - VPN service
address: 87 Chemin Le Niol, Beau Vallon, Mah�, Seychelles
abuse-mailbox: abuse@privacy-matters.co
nic-hdl: PMVS3-RIPE
mnt-by: PM-MNT
created: 2019-10-17T08:29:52Z
last-modified: 2019-10-17T08:38:57Z
source: RIPE # Filtered