[QuickNote] Technical Analysis of recent Pikabot Core Module
Tags
country: | Ukraine |
attack-pattern: | Data Botnet - T1583.005 Botnet - T1584.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 |
Common Information
Type | Value |
---|---|
UUID | ab36e7ad-79e4-497b-927a-b4aa081f908d |
Fingerprint | 2c937b1569bba3b1 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Jan. 6, 2024, 11:39 a.m. |
Added to db | Aug. 31, 2024, 6:08 a.m. |
Last updated | Nov. 17, 2024, 6:55 p.m. |
Headline | 0day in {REA_TEAM} |
Title | [QuickNote] Technical Analysis of recent Pikabot Core Module |
Detected Hints/Tags/Attributes | 47/2/14 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 146 | ✔ | 0day in {REA_TEAM} | https://kienmanowar.wordpress.com/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | File | 533 | | ntdll.dll |
Details | File | 46 | | netstat.exe |
Details | File | 51 | | ipconfig.exe |
Details | File | 62 | | whoami.exe |
Details | md5 | 2 | | f0adda360d2b4ccda11468e026526576 |
Details | File | 748 | | kernel32.dll |
Details | File | 291 | | user32.dll |
Details | File | 185 | | shell32.dll |
Details | File | 86 | | ole32.dll |
Details | File | 146 | | wininet.dll |
Details | File | 229 | | advapi32.dll |
Details | File | 59 | | netapi32.dll |
Details | sha256 | 1 | | ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da |
Details | Url | 1 | | https://gchq.github.io/cyberchef/#recipe=rc4 |