Pikabot - новое семейство вредоносных программ, состоящее из загрузчика/установщика, загрузчика и основного компонента бэкдора. Несмотря на раннюю стадию разработки, оно уже демонстрирует передовые техники уклонения, внедрения и антианализа.
Indicators of Compromise
URLs
- http://77.245.76.113/1s6iL/BtCxD
- https://103.82.243.5:13785/
- https://103.82.243.5:13785/api/admin.usergroups.addChannels
- https://108.61.78.17:13783/
- https://108.61.78.17:13783/api/admin.conversations.ekm.listOriginalConnectedChannelInfo
- https://108.61.78.17:13783/api/apps.permissions.scopes.list
- https://131.153.231.178:2221/
- https://131.153.231.178:2221/api/admin.teams.admins.list
- https://155.138.147.62:2223/
- https://155.138.147.62:2223/api/admin.teams.admins.list
- https://172.232.162.97:13783/
- https://172.232.162.97:13783/api/admin.apps.restricted.list
- https://172.232.162.97:13783/api/api.test
- https://172.232.189.10:1194/
- https://172.232.189.10:1194/api/admin.inviteRequests.denied.list
- https://172.232.189.219:2224/
- https://172.232.189.219:2224/api/apps.permissions.users.list
- https://37.60.242.85:9785/
- https://37.60.242.85:9785/api/admin.conversations.restrictAccess.addGroup
- https://45.76.251.190:5631/
- https://45.76.251.190:5631/api/admin.inviteRequests.list
- https://86.38.225.105:13721/
- https://86.38.225.105:13721/api/admin.teams.settings.setDiscoverability
- https://86.38.225.105:13721/api/apps.permissions.users.list
- https://86.38.225.106:2221/
- https://86.38.225.106:2221/api/admin.conversations.ekm.listOriginalConnectedChannelInfo
- https://86.38.225.109:13724/
- https://86.38.225.109:13724/api/admin.inviteRequests.deny
- https://95.179.135.3:2225/
- https://95.179.135.3:2225/api/admin.teams.settings.setDiscoverability
Emails
- mhermann@functionsandcatering.com
- pdyrsu@kayclaudy.ht
- zconroy@poupaqui.pt
MD5
- 17f3eddc10916861d1a2d7e961eb6561
- 39c90b991a0f36ff8b84e55886ca08d4
- 874b9805a469517c1ff472f44b0fe5c8
- 9077167ffc15a50f701533f177562c1e
- ec608a648c66a3574d282f818a5105a2