pikabot-malware

Introduction:

The threat landscape is ever-changing, and the arrival of PikaBot malware adds a new risk to organizations' cybersecurity posture. This report gives an overview of PikaBot, including its distribution techniques, the threat actors involved, and its most recent attack vector.

Malware overview:

PikaBot is a highly sophisticated loader that emerged in early 2023. It works both as a loader and as a core module, acting as a backdoor and as a distributor of other payloads. It is used by the well-known threat actor TA577, who typically deploys malware families such as QakBot, IcedID and Cobalt Strike; these pose a serious danger to companies because they give attackers unlawful remote access to compromised hosts.

Upgrade and new threat vector:

The most recent threat vector is a malvertising campaign aimed at users searching for genuine software such as AnyDesk. Instead of the typical malspam, the malware is now distributed through malicious Google ads that lead to fake web pages, with the MSI installer hosted on Dropbox. This approach shows that firms must adapt their security controls to recognize and respond to malvertising-related threats.

Indicators of Compromise (IOCs):

Type           Value                                                                    Count
File hashes    SHA1:   db9007656a5bedd0f734f4a797eaebdcff726874
               SHA256: 5a5154c5843a18d3912063b827ef541a709aec4132b847d75d7e634683acff8d
               SHA256: b6269018ac32484bdc093a6bec324fc9aa7990104a297f55600d31bff95ed6fd
IP addresses   102.129.139.65
               144.64.204.81
               167.86.96.3
               38.242.240.28
               45.131.108.250
               79.141.175.96
URLs           https://102.129.139.65
               https://144.64.204.81
               https://167.86.96.3
               https://38.242.240.28
               https://45.131.108.250
               https://79.141.175.96
               https://aipccoaching.com/nide/
Domains        2fgithub.com                                                             152
               aipccoaching.com                                                         2
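To make the IOC table actionable, the following script is an added example (not part of the original report or of any vendor tooling): it loads the hash, IP, URL and domain indicators exactly as listed above and matches them against log lines and file hashes, the kind of check a SIEM rule or a retro-hunt script would perform. The key=value log format, the sample log lines and the sample file bytes are constructed for illustration; domain matching is done on label boundaries so that a subdomain such as cdn.2fgithub.com is caught while a plain github.com lookup is not flagged by the lookalike indicator.

```python
"""Match the report's PikaBot IOCs against log lines and file hashes.

Added example for this report (not part of the original page). The IOC values
below are copied from the report's IOC table; the log lines, the key=value log
format and the file bytes are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlparse

# IOC values from the report's table (hex digests kept lower-case for comparison)
IOC_SHA1 = {"db9007656a5bedd0f734f4a797eaebdcff726874"}
IOC_SHA256 = {
    "5a5154c5843a18d3912063b827ef541a709aec4132b847d75d7e634683acff8d",
    "b6269018ac32484bdc093a6bec324fc9aa7990104a297f55600d31bff95ed6fd",
}
IOC_IPS = {
    "102.129.139.65", "144.64.204.81", "167.86.96.3",
    "38.242.240.28", "45.131.108.250", "79.141.175.96",
}
IOC_DOMAINS = {"2fgithub.com", "aipccoaching.com"}
IOC_URL_PREFIXES = {"https://aipccoaching.com/nide/"}

# Constructed sample log lines (not real telemetry). 203.0.113.10 is a
# documentation address and 104.16.1.1 stands in for an arbitrary CDN address.
SAMPLE_LOGS = [
    "2023-12-18T10:01:02Z proxy src=10.0.0.5 dst=45.131.108.250 url=https://45.131.108.250/ status=200",
    "2023-12-18T10:01:09Z proxy src=10.0.0.5 dst=104.16.1.1 url=https://www.dropbox.com/s/example/AnyDesk.msi status=200",
    "2023-12-18T10:01:40Z proxy src=10.0.0.6 dst=203.0.113.10 url=https://aipccoaching.com/nide/setup.msi status=200",
    "2023-12-18T10:02:30Z dns client=10.0.0.7 query=aipccoaching.com type=A",
    "2023-12-18T10:02:31Z dns client=10.0.0.7 query=cdn.2fgithub.com type=A",
    "2023-12-18T10:03:00Z dns client=10.0.0.8 query=github.com type=A",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")  # extracts key=value pairs from a log line


def matching_domain(host):
    """Return the IOC domain that `host` equals or is a subdomain of, else None.

    Matching on label boundaries ("." + domain) catches subdomains such as
    cdn.2fgithub.com without producing substring false positives, so a lookup
    of github.com is not flagged by the lookalike indicator 2fgithub.com.
    """
    host = host.lower().rstrip(".")
    for domain in IOC_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_line(line):
    """Return a list of (field, ioc_type, ioc_value) hits for one log line."""
    hits = []
    for field, value in FIELD_RE.findall(line):
        if value in IOC_IPS:  # dst=, src=, client= ... carrying a raw IOC address
            hits.append((field, "ip", value))
            continue
        if field == "url":
            host = urlparse(value).hostname or ""
            if host in IOC_IPS:
                hits.append((field, "ip", host))
            elif matching_domain(host):
                hits.append((field, "domain", matching_domain(host)))
            for prefix in IOC_URL_PREFIXES:
                if value.lower().startswith(prefix):
                    hits.append((field, "url", prefix))
        elif field == "query":
            domain = matching_domain(value)
            if domain:
                hits.append((field, "domain", domain))
    return hits


def scan_logs(lines):
    """Map line index -> hits for every line that matched at least one IOC."""
    return {i: hits for i, line in enumerate(lines) if (hits := scan_line(line))}


def hash_in_iocs(digest):
    """True when a SHA-1 or SHA-256 hex digest (any case) is in the IOC set."""
    d = digest.strip().lower()
    return d in IOC_SHA1 or d in IOC_SHA256


def is_known_sample(data):
    """Hash a file's bytes and check both digests against the report's hashes."""
    return (hash_in_iocs(hashlib.sha1(data).hexdigest())
            or hash_in_iocs(hashlib.sha256(data).hexdigest()))


if __name__ == "__main__":
    for i, hits in scan_logs(SAMPLE_LOGS).items():
        print(f"line {i}: {hits}")
    print("constructed file is a known sample:", is_known_sample(b"not the real installer"))
```

Running the script flags the proxy line that reached 45.131.108.250, the download from the aipccoaching.com/nide/ path, and the DNS lookups for aipccoaching.com and cdn.2fgithub.com, while the Dropbox download and the github.com lookup stay clean; the hash helpers accept digests in any case so they can be fed straight from EDR or sandbox output.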


Preventive measures:

  • User education: Users must be made aware of the risk of clicking suspicious ads and downloading software from untrusted sites.
  • Network security: Deploy strong network security controls such as intrusion detection and intrusion prevention systems (IDS/IPS) that can detect and block cyber-attacks.
  • Endpoint protection: Keep endpoint protection solutions updated so that they recognize and block PikaBot and similar threats.
  • Regular updates: Patch all software, including security products, to close known vulnerabilities that attackers can exploit.
  • Threat intelligence integration: Subscribe to a threat intelligence feed so the company stays informed about emerging threats and can adjust its defences accordingly.

Conclusion:

Threat actors employ different strategies; thus, organizations need to keep up with the newer attack methods that are emerging. By refining SIEM rules, educating users and taking preventive measures, organizations can reduce the risks associated with advanced threats like PikaBot. Continuous monitoring and response to new risks will help maintain a strong cybersecurity posture.

Reference:

https://otx.alienvault.com/pulse/651db0893476731ba8cbf8ce

https://thehackernews.com/2023/12/new-malvertising-campaign-distributing.html
