PikaBot Trojan IOCs - Part 13

remote access Trojan IOC

Pikabot is a new malware family consisting of a loader/installer, a loader, and a core backdoor component. Despite being at an early stage of development, it already demonstrates advanced evasion, injection, and anti-analysis techniques.

Indicators of Compromise

IPv4 Port Combinations


URLs


MD5

  • 79695808028c2494541535419610a4e0

SHA256
