Updated 2023-12-15-IOCs-for-TA577-Pikabot-infection.txt
brad-duncan authored Dec 15, 2023
1 parent 3c34049 commit 3a0ddb8
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion 2023-12-15-IOCs-for-TA577-Pikabot-infection.txt
@@ -1,5 +1,10 @@
2023-12-15 (FRIDAY): TA577 PIKABOT INFECTION

REFERENCES:

- https://www.linkedin.com/posts/unit42_ta577-pikabot-timelythreatintel-activity-7141526098479149056-6DCW
- https://twitter.com/Unit42_Intel/status/1735760477391552670

INFECTION CHAIN OF EVENTS:

- TA577 email --> link --> downloaded zip --> js file --> retrieves and runs Pikabot DLL --> Pikabot C2
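Review bot: the two entries added under REFERENCES are bare links to social media posts (LinkedIn and Twitter) with nothing saying what each one contains, and posts like these can be deleted or moved. Consider adding a short description after each URL, such as the post date or what it shows, so the reference stays useful if a link stops resolving.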
@@ -69,4 +74,4 @@ PIKABOT C2 TRAFFIC:
- 139.99.222[.]29 port 5631 - attempted TCP connections
- 141.95.108[.]252 port 2078 - HTTPS traffic
- 154.211.12[.]126 port 2967 - HTTPS traffic
- 172.232.173[.]141 port 2226 - HTTPS traffic
- 172.232.173[.]141 port 2226 - HTTPS traffic
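Review bot: the final entry, 172.232.173[.]141 port 2226, is removed and re-added with identical visible text, so the only difference is presumably trailing whitespace or the end-of-file newline. If that is not intended, drop this hunk; either way, ending the file with a single newline keeps later edits from producing this kind of no-op change on the last indicator line.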
