Pikabot
Common Information

Type                              Value
UUID                              5f59571d-f6f7-46d5-b0cd-da2a24209741
Fingerprint                       a033e95ddf632e9b27bcc3fa1eafdff9c5500e99682330c8d339d51f3dbe62cb
Analysis status                   DONE
Considered CTI value              2
Text language
Published                         Feb. 2, 2024, 9:11 a.m.
Added to db                       June 5, 2024, 1:31 p.m.
Last updated                      Aug. 31, 2024, 8:24 a.m.
Headline                          Pikabot
Title                             Pikabot
Detected Hints/Tags/Attributes    163/4/121
Attributes

Type    #Events    Value
CVE     133        cve-2023-38831