Comments

New malware campaign using DDE exploit delivering malware — 1 Comment

  1. Looks like a (compromised?) Windows VM.
    Nmap scan report for rokutov.95.2cloud.eu (92.63.91.26)
    Host is up (2.8s latency).
    Not shown: 984 closed ports
    PORT STATE SERVICE
    23/tcp open telnet
    110/tcp open pop3
    119/tcp open nntp
    135/tcp open msrpc
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    808/tcp open ccproxy-http
    1080/tcp open socks
    2121/tcp open ccproxy-ftp
    3389/tcp open ms-wbt-server
    49152/tcp open unknown
    49153/tcp open unknown
    49154/tcp open unknown
    49155/tcp open unknown
    49156/tcp open unknown
    49158/tcp open unknown

    Telnet is an HTTP proxy, not telnet.
    Windows machine name is WIN-32VTGRUNTN0.
