PikaBot C2 Detected – 37[.]60[.]242[.]85:9785

PikaBot Detection Alerts

image 35

PikaBot C2

The Information provided at the time of posting was detected as “PikaBot C2”. Depending on when you are viewing this article, it may no longer be the case and could be determined as being a false positive. Please do your own additional validation. – RedPacket Security


General Information

IP Address37[.]60[.]242[.]85
Port9785
Hostname (if available)vmd129090[.]contaboserver[.]net
DescriptionPikabot is a malware loader that was first observed in early 2023 and became very active following the takedown of Qakbot in August 2023. In December 2023, Pikabot activity ceased, possibly as a result of a new version of Qakbot that emerged. In February 2024, a new version of Pikabot was released with significant changes. The malware continues to pose a significant cyber threat and is in constant development, although the developers have decreased the complexity level of Pikabot’s code by removing advanced obfuscation features.
Date Detected2024-02-14T09:20:02.291000
Malware Families (linked to)Pikabot, QakBot – S0650, Pinkslipbot, QuackBot, QBot,
Tagsloader, qakbot, malware, obfuscation, injection, ransomware, cobalt strike, cve-2021-44228, quackbot, pinkslipbot, pikabot, qbot, evasion
Referenceshttps://www.zscaler.com/blogs/security-research/d-evolution-pikabot
CountryUS

Mitre Att&ck Linked TTPS

Mitre Attack ID Mitre Attack Name
T1140 Deobfuscate/Decode Files or Information
T1036 Masquerading
T1055 Process Injection
T1566 Phishing
T1027 Obfuscated Files or Information

 

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.