PikaBot Trojan IOCs - Part 8

remote access Trojan

Pikabot is a new malware family made up of a downloader/installer, a loader, and a core backdoor component. Although still at an early stage of development, it already shows advanced evasion, injection, and anti-analysis techniques.

Indicators of Compromise

IPv4 Port Combinations

  • 172.232.188.4:2226
  • 172.232.189.166:1194
  • 45.56.71.218:13724

URLs

  • https://109.123.227.174:23399/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://149.28.252.250:5000/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://154.221.30.136:13724/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://154.221.30.136:13724/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://154.38.185.132:13786/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://154.38.185.135:13782/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://154.38.185.135:13782/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://154.38.185.136:5243/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://154.38.185.138:13786/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://154.38.185.138:13786/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://172.232.172.171:13721/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://172.232.189.134:2221/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://172.232.189.134:2221/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://172.232.189.141:2078/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://172.232.54.192:2224/Pashaship/Y7FfckjVh26GlV7TK?geryonidCentripetal=Mc9DDT&colloquize=YRO0RvD&devilyTricosyl=CoronetedMatweed
  • https://172.232.7.224:9785/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://172.234.224.202:13785/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://185.187.235.158:23399/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading
  • https://185.187.235.158:23399/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://208.76.221.253:13724/Pashaship/Y7FfckjVh26GlV7TK?geryonidCentripetal=Mc9DDT&colloquize=YRO0RvD&devilyTricosyl=CoronetedMatweed
  • https://23isback.us/uypai/?53654881
  • https://45.33.15.215:2967/Pashaship/Y7FfckjVh26GlV7TK?geryonidCentripetal=Mc9DDT&colloquize=YRO0RvD&devilyTricosyl=CoronetedMatweed
  • https://45.56.71.218:13724/GarbureRustred/cOm3SjHPWZsK6N?GlazenUrticant=3xPYca&Fatidically=nRHPbgirYJD&Moutan=underlooker
  • https://45.76.96.172:2223/GarbureRustred/cOm3SjHPWZsK6N?GlazenUrticant=3xPYca&Fatidically=nRHPbgirYJD&Moutan=underlooker
  • https://46.250.253.58:5243/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://51.161.81.190:13721/GarbureRustred/cOm3SjHPWZsK6N?GlazenUrticant=3xPYca&Fatidically=nRHPbgirYJD&Moutan=underlooker
  • https://69.164.213.141:5631/Pashaship/Y7FfckjVh26GlV7TK?geryonidCentripetal=Mc9DDT&colloquize=YRO0RvD&devilyTricosyl=CoronetedMatweed
  • https://78.141.200.111:5938/GarbureRustred/cOm3SjHPWZsK6N?GlazenUrticant=3xPYca&Fatidically=nRHPbgirYJD&Moutan=underlooker
  • https://78.141.223.212:1194/Pashaship/Y7FfckjVh26GlV7TK?geryonidCentripetal=Mc9DDT&colloquize=YRO0RvD&devilyTricosyl=CoronetedMatweed
  • https://89.117.55.178:2083/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy
  • https://95.179.247.197:13782/Pashaship/Y7FfckjVh26GlV7TK?geryonidCentripetal=Mc9DDT&colloquize=YRO0RvD&devilyTricosyl=CoronetedMatweed
  • https://afrosai.org/k89/?40654881
  • https://airtimetradersltd.co.ke/ah1pkc//?mvMhlvp0cOQ=1703090972
  • https://airtimetradersltd.co.ke/ah1pkc/?75271091
  • https://bajarangabali.com.np/OW8i/66306813
  • https://bajarangabali.com.np/OW8i66306813
  • https://banyokazani.com/u3v//?HVmoBjC=1702925719
  • https://banyokazani.com/u3v/?76754881
  • https://betonsilimmakinasi.com.tr/v3c//?ouKsymEg=1703090974
  • https://betonsilimmakinasi.com.tr/v3c/?89371091
  • https://buildmateindia.com/yPS3F6/968317388
  • https://catalogue-kiabi.ma/uvg7//?WEPhj7sfFyqz=1703090973
  • https://catalogue-kiabi.ma/uvg7/?37481091
  • https://cckhp.edu.pk/3s93//?AMvOic=1702925718
  • https://cckhp.edu.pk/3s93/?83554881
  • https://falmeida-solicitador.com.pt/p0umxv//?bekaccD=1703090974
  • https://falmeida-solicitador.com.pt/p0umxv/?71191091
  • https://gofly.id/P9g/0.45320443521018944.dat
  • https://golcularhurda.com.tr/gbuwv//?CKSZJHXXP2=1703090973
  • https://golcularhurda.com.tr/gbuwv/?74391091
  • https://grehlingerssealcoating.com/3hidbt/0.714417294473205.dat
  • https://gujaratidayro.in/96zbc//?WIrDQwtB=1703090972
  • https://gujaratidayro.in/96zbc/?47091091
  • https://holyrosaryinternational.com/N1H3/0.3352056583612402.dat
  • https://israrliaqat.com/6wX4/0.5887057656277896.dat
  • https://jomarine-services.com/34n6lk/?91454881
  • https://konyanakliyatambari.com/szv//?UrNdIMRj=1703090973
  • https://konyanakliyatambari.com/szv/?51981091
  • https://lepetithotel.cl/pwjf//?fHrhvlBa0i=1702925718
  • https://lepetithotel.cl/pwjf/?00454881
  • https://mediatrans9.com/kmo/?87681091
  • https://mirzajans.com/97ni//?9SwzPL5=1703090972
  • https://mirzajans.com/97ni/?52491091
  • https://paldiengineering.com/8WjmD9n/0.7676428391518275.dat
  • https://reg.oiu.edu.sd/p10f/?56723981
  • https://saeedalkarmi.com/aT2ja9/0.6912414572852581.dat
  • https://theyolarbi.com/frqob8//?YogBUrAUnxhm=1703174069
  • https://theyolarbi.com/frqob8/?42930191
  • https://trenierad.com/1pBo3/371989961
  • https://unimedic.hr/wttsg//?H3xomHE=1703001334
  • https://unimedic.hr/wttsg/?03403981
  • https://universty.org/wrpdj//?JifZ=1703090972
  • https://universty.org/wrpdj/?15491091
  • https://vindeciumbrud.ro/wte//?h32=1702914831
  • https://vindeciumbrud.ro/wte/?15244881

MD5

  • 08a8172f5281aad3513f3b84851728db
  • 0ca1449149c9ec557942a98c31ef3c42
  • 15b9614f3f26dde77236f8ef6a76729a
  • 1ba8353bc3209f3a79812a742105e53b
  • 1d4cce268282d8006eb77d0bd8be97f4
  • 2d1310b4a6f990135fd9e0159f1e016e
  • 40c404104519036cfdbe911e9db0075c
  • 457a349e081be1a941f27773a9086abc
  • 4b14f6ef9cb2e8061c8cdb89d1df5711
  • 5d8abf437bf89325cbb9fcec1fbc0910
  • 5fafdd04d2235a3b54684f544d51f620
  • 705d1c43c43f5b7090fd8b28e8b522bb
  • 7432f0847833ee259e66ae20fe132f61
  • 751f69f129b24295751a904d4bc3e74a
  • 77c4dba8831adb069997e7e02824052f
  • 78fd284097d4bec5323fb252ecca1757
  • 874147cfee04d92487a7c080f971c002
  • 8752472e1730980b97a2e01b7f24a9da
  • 87ee6391a6dfd87f94f4fb8a9560cfab
  • a4dbfd6aef3b4045fe61aa0146debdf8
  • a8d41790713c93d2b2e92a74cb335e96
  • b8dbd3b7556d01d6dd83bd9efd1291ed
  • c464e4486a6b4273ec371d7d8e475961
  • c63d3267ce0a131725ee1f65a98d89c4
  • cd050b6adf647c37d61583cf16c959be
  • d3bf4b7275113bd862d5c3518440dfae
  • d8e948c56c40f9b50f1e5c763345b69a
  • ddb0bce5a7f168d84e206e6366e946c3
  • e9bc9f88e7f61dd8260bfb2f3c6381ab
  • ed74d1ec893ced4fe360b18b8901da7b
  • f3a682b07d8a12eb1d7b696662922b64
  • f64fe4b8a52e5edb40af864c4f97c22c
  • f6df578517f36ba68b33dd18f86c32a7
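The lists above mix three kinds of indicator: bare IP:port pairs, C2 URLs on IP hosts with high non-standard ports, and download URLs on compromised legitimate domains. Note that the same C2 path and query string (for example /outvoyagingPrerogative/X4bXhJeIfqsfMSyG) recurs across many different IPs, so matching on the path catches infrastructure rotation that an IP-only blocklist misses, while the compromised-domain URLs should be matched on host plus path rather than host alone to avoid flagging the rest of those sites' traffic. The script below is an added example, not part of the original page: it loads a small subset of the indicators listed above, derives host:port, host and C2-path lookups from them, and runs them over constructed proxy log lines and a constructed file-hash inventory. The log format, the client addresses, the 198.51.100.7 host and the inventory paths are all assumptions made for the illustration.

```python
"""Match PikaBot IOCs (subset from the lists above) against proxy logs and file hashes.

Added example; not from the original page. Log lines, inventory and the
198.51.100.7 host are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Subset of the page's indicators.
IP_PORTS = {"172.232.188.4:2226", "172.232.189.166:1194", "45.56.71.218:13724"}
URLS = [
    "https://154.221.30.136:13724/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading",
    "https://172.232.189.134:2221/unbosom/1WqM4mFBGRWNDnhRL?octapody=qmucyR1K8&BackswordmenGasconading=wnKWOTlSua&Reindeer=Photodromy",
    "https://45.56.71.218:13724/GarbureRustred/cOm3SjHPWZsK6N?GlazenUrticant=3xPYca&Fatidically=nRHPbgirYJD&Moutan=underlooker",
    "https://betonsilimmakinasi.com.tr/v3c/?89371091",
    "https://gofly.id/P9g/0.45320443521018944.dat",
]
MD5S = {"08a8172f5281aad3513f3b84851728db", "f6df578517f36ba68b33dd18f86c32a7"}

# Constructed proxy log: "<timestamp> <client_ip> <method> <target> <status>".
LOG_LINES = [
    "2023-12-20T10:01:02Z 10.0.0.15 CONNECT 172.232.188.4:2226 200",
    "2023-12-20T10:01:05Z 10.0.0.15 GET https://154.221.30.136:13724/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading 200",
    "2023-12-20T10:02:11Z 10.0.0.22 GET https://198.51.100.7:13724/outvoyagingPrerogative/X4bXhJeIfqsfMSyG?aromataPodiatry=MimotypicDissuading 200",
    "2023-12-20T10:03:40Z 10.0.0.31 GET https://gofly.id/P9g/0.45320443521018944.dat 200",
    "2023-12-20T10:04:00Z 10.0.0.40 GET https://example.com/index.html 200",
]

# Constructed endpoint file survey: path -> md5.
INVENTORY = {
    r"C:\Users\a\AppData\Local\Temp\update.dll": "08a8172f5281aad3513f3b84851728db",
    r"C:\Windows\System32\kernel32.dll": "0123456789abcdef0123456789abcdef",
}


def build_indicators(ip_ports, urls):
    """Derive three lookup sets: exact host:port pairs, bare hosts, and C2 URL paths.

    Only URLs whose host is an IP address and whose path has the two-segment
    random form get a path signature; the compromised-site download URLs use
    short generic paths that would cause false positives if matched alone.
    """
    host_ports = set(ip_ports)
    hosts = {hp.split(":")[0] for hp in ip_ports}
    paths = set()
    for u in urls:
        p = urlsplit(u)
        host_ports.add(f"{p.hostname}:{p.port or 443}")
        hosts.add(p.hostname)
        if re.fullmatch(r"\d+\.\d+\.\d+\.\d+", p.hostname) and p.path.count("/") == 2:
            paths.add(p.path)
    return host_ports, hosts, paths


def scan_proxy_log(lines, host_ports, hosts, paths):
    """Return (line_index, reason) for each log line that hits an indicator.

    Precedence: exact host:port, then bare host, then C2 path on any host
    (the last catches the same implant path served from an unlisted IP).
    """
    hits = []
    for i, line in enumerate(lines):
        fields = line.split()
        if len(fields) < 4:
            continue
        method, target = fields[2], fields[3]
        if method == "CONNECT":  # TLS tunnel: only host:port is visible
            host, _, port = target.partition(":")
            path = ""
        else:
            p = urlsplit(target)
            host, port, path = p.hostname, str(p.port or 443), p.path
        if f"{host}:{port}" in host_ports:
            hits.append((i, "host:port"))
        elif host in hosts:
            hits.append((i, "host"))
        elif path in paths:
            hits.append((i, "c2-path"))
    return hits


def match_hashes(inventory, md5s):
    """Return the inventory paths whose MD5 appears in the IOC hash list."""
    return sorted(path for path, h in inventory.items() if h.lower() in md5s)


if __name__ == "__main__":
    indicators = build_indicators(IP_PORTS, URLS)
    for idx, reason in scan_proxy_log(LOG_LINES, *indicators):
        print(f"{reason:9s} {LOG_LINES[idx]}")
    for path in match_hashes(INVENTORY, MD5S):
        print(f"md5       {path}")
```

The third log line is the interesting one: its host 198.51.100.7 appears nowhere in the lists, but the path matches the shared C2 path, so it is flagged as "c2-path". When extending this to the full page, the other two recurring C2 paths (/unbosom/1WqM4mFBGRWNDnhRL, /Pashaship/Y7FfckjVh26GlV7TK, /GarbureRustred/cOm3SjHPWZsK6N) are picked up automatically by the same rule.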