Malware Signature

The following table lists the malware samples associated with Tuhkit and the corresponding botnet C&C (IP:port) for each.

Database Entry


Malware: Tuhkit
First seen: 2016-11-19 17:29:58 UTC
Last seen: 2016-11-20 18:13:02 UTC

Malware Samples


The table below documents all malware samples associated with this malware family.
