PikaBot Trojan IOCs - Part 4

Pikabot - новое семейство вредоносных программ, состоящее из загрузчика/установщика, загрузчика и основного компонента бэкдора. Несмотря на раннюю стадию разработки, оно уже демонстрирует передовые техники уклонения, внедрения и антианализа.

Indicators of Compromise

IPv4 Port Combinations

• 154.221.30.136:13724

URLs

• http://104.238.156.73/vXS/Uvula
• http://128.140.101.167/Dfqix/unhoa
• http://49.12.245.25/Lww9L3/matac
• http://49.13.119.230/6aZE/Hemio
• http://49.13.28.84/mr0J/pupil
• https://154.221.30.136/
• https://154.221.30.136:13724
• https://154.221.30.136:13724/interlopedParabolically/7Yt6ScQ2bs3NtweY?BowspritTympanicity=DVU77
• https://65.20.84.254:13783/DecussoriumAprioristic/aj1sEe8eFDbHUUY2N?UnbledUnfatigueable=Primmed&wagwag=flittingUnregrettably&protanomalyBichir=Davies
• https://donbor.com.br/si/?84048841
• https://fivestareducationgroup.com/lver//?jdSyqVOhiGAX=1699288963
• https://fivestareducationgroup.com/lver/?69731251
• https://inverex.com.pk/quia//?IqXM=1698960312
• https://inverex.com.pk/quia/?58438841
• https://jarbsalud.com.co/aa//?bfNpafEYEQm=1698960100
• https://jarbsalud.com.co/aa/?46068841
• https://lynays.net/siti//?tXljRP=1699042227
• https://lynays.net/siti/?54355941
• https://mgctkcoga.org/sec//?jycZBg=1698960225
• https://mgctkcoga.org/sec/?77168841
• https://mysolutionsoftware.com/aco/?68838841
• https://ptysm.org.np/eq/?15148841
• https://spbinan.com/rie//?x7pR8Wu2w=1699288939
• https://spbinan.com/rie/?00241251
• https://watfordspringschool.org.ng/mee//?9ft=1699288947
• https://watfordspringschool.org.ng/mee/?04831251
• https://wesea-it.com/mxad//?kmlvZseXNdO9=1698960182
• https://wesea-it.com/mxad/?31958841

Emails

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

MD5

• 01ad81f9918c9a72ca424967de37cd5b
• 02123bf9c1c0877f1dba729d28cb4d35
• 047e8e49049fd7ed3b3a900e6e023ed2
• 12a040b0f8171059c97a313db952373b
• 162a341eabd9dc9fabf1c7bd22684da5
• 2aec462f59726900b18a4ad095673b21
• 3c12ed086a93c1819f7dd7bc4a1f0c84
• 3c1fe1e91084d4906ac96f45ed60f962
• 3e15d02d755334d0989974c08d9735e5
• 4005c23ccbb3f0472722d403dac8397a
• 406e43a137ec7f87324f5d6c7e2be275
• 422b0d84caf77267fdd4e78645b5e2eb
• 4939592681c1a85575e7d02f896b202a
• 4dcb06a7c1660c0618344599c633906b
• 5310011aa6bba237196a7d232ba7299a
• 57cbaf3e3d8e3a9eb713f15b6c1d575b
• 5b89817b41f85dbb7ee824b6cf0f427c
• 5ea3957164ffddf8fd33d50bfa4495a4
• 5f2a252615980e56d8e9992527f776af
• 5f88b2dc7debd8d0a44fe1d91b6b15a0
• 669075d89e3365c10b4860db151db749
• 6e0f012480b2b78cffcf2b4d73519bb4
• 72683d05cc1b8d981aa787626b6f51e9
• 82c5c189d93f05874c74699bcb43d27a
• 879616916a4a680414a1865113b18737
• 8b7f8e46636a4ff070895d6945521cd8
• 9034ea0abf21b82434289b86445ebea1
• 9629bf66e6fbb0a0db4ba494f214799d
• 9910b3117e4d1268771e4282fbfab6fe
• 9a038c41f9892005c5dea9539c03c7f9
• 9cb53da3934a51c02fb5aa6bc4a74721
• b2951a22deef954fbb52390b4d137030
• b2e27f99f9100d8ef477727a58fb81a2
• b44ffed1c2856633f234b0b97e7571d0
• b4671f97a0a018a3255131270f34da2e
• b8eab843bcd27fdc5ad014b17e7416b7
• c572152fc04b8382f6875f74b0bb6eca
• f120fd2c14adbd926a87625d7980721f
• fbdfbeb3199c1cfa796b7a059d637b85
• fe0a4fbe1a1e7b79ccb928b86986b8fa