API tools faq
paste
Advertisement
Bank_Security

MyKings: A massive multi-botnet

Bank_Security
Jan 24th, 2018
1,595
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.73 KB | None | 0 0
raw download clone embed print report
  1. IoC
  2. Botnet.0.spreader Configuration
  3. hxxp: //down.mykings.pw: 8888 / my1.html
  4. hxxp: //down.mykings.pw: 8888 / ups.rar
  5. hxxp: //down.mykings.pw: 8888 / item. dat
  6. hxxp: //up.mykings.pw: 8888 / ver.txt
  7. hxxp: //up.mykings.pw: 8888 / ups.rar
  8. hxxp: //up.mykings.pw: 8888 / update.txt
  9. hxxp: // up.mykings.pw:8888/wpdmd5.txt
  10. hxxp: //up.mykings.pw: 8888 / wpd.dat
  11. hxxp: //down.f4321y.com: 8888 / kill.html
  12. hxxp: //down.f4321y.com : 8888 / test.html
  13. hxxp: //down.f4321y.com: 8888 / ups.rar
  14. hxxp: //down.f4321y.com
  15. hxxp: //down.f4321y.com: 8888 / my1.html
  16. hxxp: // js .f4321y.com: 280 / v.sct
  17. hxxp: //up.f4321y.com
  18. hxxp: //up.f4321y.com: 8888 / ver.txt
  19. hxxp: //up.f4321y.com: 8888 / ups.rar
  20. hxxp: //up.f4321y.com: 8888 / update.txt
  21. hxxp: //up.f4321y.com: 8888 / wpdmd5.txt
  22. hxxp: // up .f4321y.com: 8888 / wpd.dat
  23. hxxp: //up.f4321y.com: 8888 / ups.rar
  24. hxxp: //down.b591.com: 8888 / ups.exe
  25. hxxp: //down.b591.com: 8888 / ups.rar
  26. hxxp: //down.b591.com: 8888 / test.html
  27. hxxp: //down.b591.com: 8888 / ups.rar
  28. hxxp: //down.b591.com: 8888 / ups.exe
  29. hxxp: //down.b591.com: 8888 / cab.rar
  30. hxxp: //down.b591.com: 8888 / cacls.rar
  31. hxxp: //down.b591.com: 8888 / kill.html
  32. hxxp: // down2 .b591.com: 8888 / ups.rar
  33. hxxp: //down2.b591.com: 8888 / wpd.dat
  34. hxxp: //down2.b591.com: 8888 / wpdmd5.txt
  35. hxxp: //down2.b591.com: 8888 / ver.txt
  36. hxxp: //dwon.kill1234.com: 280 / cao.exe
  37. hxxps: //down2.b5w91.com: 8443
  38. hxxp: //down.mysking.info: 8888 / ok.txt
  39. hxxp: //23.27.127.254: 8888 /close.bat
  40. hxxp: //js.mykings.top: 280 / v.sct
  41. hxxp: //js.mykings.top: 280 / helloworld.msi
  42. hxxp: //wmi.mykings.top: 8888 / kill.html
  43. hxxp : //wmi.mykings.top: 8888 / test.html
  44. hxxp: //209.58.186.145: 8888 / close2.bat
  45. hxxp: //67.229.144.218: 8888 / update.txt
  46. hxxp: //67.229.144.218: 8888 / ps.jpg
  47. hxxp: //67.229.144.218: 8888 / update.txt
  48. hxxp: //67.229.144.218: 8888 / my1.html
  49. hxxp: //67.229.144.218: 8888 / ver.txt
  50. hxxp: //67.229.144.218: 8888 / test.dat
  51. hxxp: //down.down0116.info -> new
  52. hxxp: //down.down0116.info/up.rar -> new
  53. hxxp: //down.down0116.info/down.txt -> new
  54. fxp: //ftp.ftp0118.info/a.exe -> new
  55.  
  56. botnet.-1.mirai
  57. hxxp: //100.43.155.171: 280 / mirai /
  58.  
  59. botnet.1.proxy
  60. hxxp: //100.43.155.171: 280 / do /
  61.  
  62. botnet.2.rat
  63. hxxp: //67.229.144.218: 8888 / test1.dat
  64. hxxp: //47.88.216.68: 8888 / test.dat
  65. hxxp: //47.52.0.176: 8888 / item.dat
  66. hxxp: //118.190. 50.141: 8888 / test.dat
  67.  
  68. botnet.3.miner
  69. hxxp: //104.37.245.82: 8888 / 32.rar
  70. fxp: //fxp.oo000oo.me/s.rar
  71. hxxp: //198.148.80.194: 8888 / 0121.rar -> new
  72. fxp: //ftp.ftp0118.info/s.rar -> new
  73.  
  74. botnet.4.rat
  75. hxxp: //104.37.245.82: 8888 / nb.dat
  76.  
  77.  
  78. link:
  79. http://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!