Pikabot — новое семейство вредоносных программ, состоящее из начального загрузчика/установщика (dropper), загрузчика второго этапа (loader) и основного модуля бэкдора. Несмотря на раннюю стадию разработки, оно уже демонстрирует продвинутые техники уклонения от обнаружения, внедрения в процессы и противодействия анализу.
Indicators of Compromise
IPv4:Port Combinations (match on the full IP:port pair — several addresses appear on non-standard ports and adjacent hosts in the same ranges use different ports, e.g. 104.129.55.103–106)
- 103.82.243.5:13785
- 104.129.55.103:2224
- 104.129.55.104:2223
- 104.129.55.105:2223
- 104.129.55.106:13783
- 104.156.233.235:2226
- 108.61.78.17:13783
- 131.153.231.178:2221
- 139.84.237.229:2967
- 155.138.147.62:2223
- 158.220.80.157:9785
- 158.220.80.167:2967
- 172.232.162.97:13783
- 172.232.189.10:1194
- 172.232.189.219:2224
- 178.18.246.136:2078
- 198.44.187.12:2224
- 23.226.138.143:2083
- 23.226.138.161:5242
- 37.60.242.85:9785
- 37.60.242.86:2967
- 45.32.21.184:5242
- 45.32.248.100:2226
- 45.76.251.190:5631
- 65.20.66.218:5938
- 85.239.243.155:5000
- 86.38.225.105:13721
- 86.38.225.106:2221
- 86.38.225.109:13724
- 95.179.135.3:2225
- 95.179.191.137:5938
URLs (the IP-hosted HTTPS endpoints below use paths that imitate Slack Web API method names such as `admin.users.list` and `apps.permissions.users.request`; treat them as C2 indicators, not as evidence of a Slack workspace compromise. The remaining entries point to `.dat` files on third-party domains.)
- https://158.220.80.167:2967/api/admin.apps.requests.list
- https://158.220.80.167:2967/api/admin.apps.restrict
- https://158.220.80.167:2967/api/admin.conversations.invite
- https://158.220.80.167:2967/api/admin.conversations.restrictAccess.removeGroup
- https://158.220.80.167:2967/api/admin.conversations.setTeams
- https://158.220.80.167:2967/api/admin.conversations.unarchive
- https://158.220.80.167:2967/api/admin.emoji.add
- https://158.220.80.167:2967/api/admin.inviteRequests.approved.list
- https://158.220.80.167:2967/api/admin.teams.admins.list
- https://158.220.80.167:2967/api/admin.teams.settings.setIcon
- https://158.220.80.167:2967/api/admin.usergroups.addTeams
- https://158.220.80.167:2967/api/admin.usergroups.removeChannels
- https://158.220.80.167:2967/api/admin.users.list
- https://158.220.80.167:2967/api/admin.users.session.reset
- https://158.220.80.167:2967/api/admin.users.setOwner
- https://158.220.80.167:2967/api/apps.permissions.users.request
- https://178.18.246.136:2078
- https://178.18.246.136:2078/api/admin.apps.requests.list
- https://178.18.246.136:2078/api/admin.apps.restrict
- https://178.18.246.136:2078/api/admin.conversations.invite
- https://178.18.246.136:2078/api/admin.conversations.unarchive
- https://178.18.246.136:2078/api/admin.usergroups.removeChannels
- https://178.18.246.136:2078/api/admin.users.list
- https://178.18.246.136:2078/api/admin.users.session.reset
- https://178.18.246.136:2078/api/apps.permissions.users.request
- https://23.226.138.143:2083
- https://23.226.138.143:2083/api/admin.apps.requests.list
- https://23.226.138.143:2083/api/admin.apps.restrict
- https://23.226.138.143:2083/api/admin.conversations.unarchive
- https://23.226.138.143:2083/api/admin.usergroups.addTeams
- https://23.226.138.143:2083/api/admin.usergroups.removeChannels
- https://23.226.138.143:2083/api/admin.users.list
- https://23.226.138.143:2083/api/admin.users.session.reset
- https://23.226.138.143:2083/api/apps.permissions.users.request
- https://23.226.138.161:5242
- https://23.226.138.161:5242/api/admin.apps.requests.list
- https://23.226.138.161:5242/api/admin.apps.restrict
- https://23.226.138.161:5242/api/admin.conversations.invite
- https://23.226.138.161:5242/api/admin.conversations.unarchive
- https://23.226.138.161:5242/api/admin.usergroups.addTeams
- https://23.226.138.161:5242/api/admin.usergroups.removeChannels
- https://23.226.138.161:5242/api/admin.users.list
- https://23.226.138.161:5242/api/admin.users.setOwner
- https://23.226.138.161:5242/api/apps.permissions.users.request
- https://37.60.242.85:9785
- https://37.60.242.85:9785/api/admin.apps.requests.list
- https://37.60.242.85:9785/api/admin.apps.restrict
- https://37.60.242.85:9785/api/admin.conversations.setTeams
- https://37.60.242.85:9785/api/admin.conversations.unarchive
- https://37.60.242.85:9785/api/admin.usergroups.addTeams
- https://37.60.242.85:9785/api/admin.usergroups.removeChannels
- https://37.60.242.85:9785/api/admin.users.list
- https://37.60.242.85:9785/api/admin.users.session.reset
- https://37.60.242.85:9785/api/admin.users.setOwner
- https://37.60.242.85:9785/api/apps.permissions.users.request
- https://37.60.242.86:2967
- https://37.60.242.86:2967/api/admin.apps.requests.list
- https://37.60.242.86:2967/api/admin.apps.restrict
- https://37.60.242.86:2967/api/admin.conversations.invite
- https://37.60.242.86:2967/api/admin.conversations.setTeams
- https://37.60.242.86:2967/api/admin.conversations.unarchive
- https://37.60.242.86:2967/api/admin.usergroups.addTeams
- https://37.60.242.86:2967/api/admin.usergroups.removeChannels
- https://37.60.242.86:2967/api/admin.users.list
- https://37.60.242.86:2967/api/admin.users.session.reset
- https://37.60.242.86:2967/api/apps.permissions.users.request
- https://85.239.243.155:5000
- https://85.239.243.155:5000/api/admin.apps.restrict
- https://85.239.243.155:5000/api/admin.conversations.invite
- https://85.239.243.155:5000/api/admin.conversations.setTeams
- https://85.239.243.155:5000/api/admin.conversations.unarchive
- https://85.239.243.155:5000/api/admin.usergroups.removeChannels
- https://85.239.243.155:5000/api/admin.users.list
- https://85.239.243.155:5000/api/admin.users.session.reset
- https://85.239.243.155:5000/api/admin.users.setOwner
- https://85.239.243.155:5000/api/apps.permissions.users.request
- https://86.38.225.105:13721
- https://86.38.225.106:2221
- https://86.38.225.108:2226
- https://allstocksinc.com/YDr/0.16553226537255283.dat
- https://berringtonnews.com/0bvKZ/0.16410464051883017.dat
- https://cursosrdg.ccr.edu.pe/9nqrm/
- https://ealthygradi.com/tS5/0.02608313237231047.dat
- https://entrevientos.com.ar/ccq/
- https://finderunion.com/CVv/0.7619553765651503.dat
- https://gloverstech.com/tJWz9/0.765330512761959.dat
- https://muellerinfo.com/vnO/0.8133462062125514.dat
- https://musicclubcompany.com/zmd/0.015044926305028627.dat
- https://professionalficars.com/t6F5Gi/0.04171104253786617.dat
- https://toptrinityblog.com/VUIhcGp/0.9941106282398995.dat
- https://wealthygradi.com/tS5/0.02608313237231047.dat
MD5
- 79695808028c2494541535419610a4e0
SHA256
- 1626880b917b7f5756109dcb6533a5dbae859ccd841554e5bdb6c602cc3a9226
- 184e53af04ff158a22facbe4499694223462bfed7d6c96e83ec1be69272348e4
- 19c825e3348a7b74f041f1143d3cc3066635df04d452bdf715593fa3851b38c8
- 2f66fb872c9699e04e54e5eaef982784b393a5ea260129a1e2484dd273a5a88b
- 48a03463a38e7e382946f28d6fd335fe9dd04fa361ee2aea2c591d97fd630c18
- 555687ca3149e23ee980a3acf578e0572da556cf34c87aecf48596834d6b496f
- 7b1c5147c903892f8888f91c98097c89e419ddcc89958a33e294e6dd192b6d4e
- 88c88cb96ee1124683bc3518d2dccb529bd850e7cec402db8839782995a63117
- 97fdebbe05a8a73c836256ae806a398f1af220dd9b384b1e2af83de19bfa7a71
- 9e22ec6b12cda4c1de28a8b8b074a05c56ffaaa120b3f2bb841b32492cfb6d0a
- a4b2b440a8786db994d20dc3c92c534df6c137a24207bdeea07de1fabe1f0fa3
- a5158b335fc845c92e42d537659efff4f389c5c8b3a2e097be6d4c1cbe11a618
- a76ea4031064781902050026aabd55cc510577e3d31ca5908e92a35129cc2ce0
- aadb6ae3b04b8940f2cc2c65152d9b602bc3f7f8f7809985593149f6e3c7cc83
- aed10cee78c2d2726eccb73d9c248f53f87185492518bdd02c6de94b4087367d
- b758b935fc420e334d8afdff6dee8253bcdf4b107183b2ad1f32f9f9dd47e0f1
- ca5fb5814ec62c8f04936740aabe2664b3c7d036203afbd8425cd67cf1f4b79d
- ce616c5d472d8d22169e1cabd8c99a511394b1c28febc944f427137a0354e8db
- d26ab01b293b2d439a20d1dffc02a5c9f2523446d811192836e26d370a34d1b4
- d4bc0db353dd0051792dd1bfd5a286d3f40d735e21554802978a97599205bd04
- f4be945a6678a11bc4d2e3819cba8b91665eaf99e152cf0348e16d1fd94b2e75
- f67e4bf479953e933376bcce241dd1eb6fe0700718a051466e15a7826cd1360b