PikaBot C2 Detected – 45[.]154[.]24[.]57:2078
PikaBot Detection Alerts
PikaBot C2
The Information provided at the time of posting was detected as “PikaBot C2”. Depending on when you are viewing this article, it may no longer be the case and could be determined as being a false positive. Please do your own additional validation. – RedPacket Security
General Information
IP Address | 45[.]154[.]24[.]57 |
Port | 2078 |
Hostname (if available) | |
Description | Pikabot is a malicious backdoor that has been active since early 2023. The malware is modular with a loader and a core component that implements the majority of the functionality. Pikabot is capable of receiving commands from a command-and-control server such as the injection of arbitrary shellcode, DLLs or executable files. Zscaler Threatlabz has observed Pikabot being used to distribute Cobalt Strike. Pikabot shares similarities with the Qakbot trojan including the distribution methods, campaigns, and malware behaviors. |
Date Detected | 2023-05-26T02:33:55.946000 |
Malware Families (linked to) | Cobalt Strike, Qakbot, Pikabot, |
Tags | pikabot, qakbot, cobalt strike, threatlabz, cbc mode, advobfuscator, run registry |
References | https://www.zscaler.com/blogs/security-research/technical-analysis-pikabot |
Country | TH |
Mitre Att&ck Linked TTPS
Mitre Attack ID | Mitre Attack Name |
T1055 | Process Injection |
T1140 | Deobfuscate/Decode Files or Information |
T1027 | Obfuscated Files or Information |
T1059 | Command and Scripting Interpreter |
T1547 | Boot or Logon Autostart Execution |
T1106 | Native API |
T1082 | System Information Discovery |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.