Advertisement
Bank_Security

MyKings: A massive multi-botnet

Jan 24th, 2018
1,593
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.73 KB | None | 0 0
  1. IoC
  2. Botnet.0.spreader Configuration
  3. hxxp: //down.mykings.pw: 8888 / my1.html
  4. hxxp: //down.mykings.pw: 8888 / ups.rar
  5. hxxp: //down.mykings.pw: 8888 / item. dat
  6. hxxp: //up.mykings.pw: 8888 / ver.txt
  7. hxxp: //up.mykings.pw: 8888 / ups.rar
  8. hxxp: //up.mykings.pw: 8888 / update.txt
  9. hxxp: // up.mykings.pw:8888/wpdmd5.txt
  10. hxxp: //up.mykings.pw: 8888 / wpd.dat
  11. hxxp: //down.f4321y.com: 8888 / kill.html
  12. hxxp: //down.f4321y.com : 8888 / test.html
  13. hxxp: //down.f4321y.com: 8888 / ups.rar
  14. hxxp: //down.f4321y.com
  15. hxxp: //down.f4321y.com: 8888 / my1.html
  16. hxxp: // js .f4321y.com: 280 / v.sct
  17. hxxp: //up.f4321y.com
  18. hxxp: //up.f4321y.com: 8888 / ver.txt
  19. hxxp: //up.f4321y.com: 8888 / ups.rar
  20. hxxp: //up.f4321y.com: 8888 / update.txt
  21. hxxp: //up.f4321y.com: 8888 / wpdmd5.txt
  22. hxxp: // up .f4321y.com: 8888 / wpd.dat
  23. hxxp: //up.f4321y.com: 8888 / ups.rar
  24. hxxp: //down.b591.com: 8888 / ups.exe
  25. hxxp: //down.b591.com: 8888 / ups.rar
  26. hxxp: //down.b591.com: 8888 / test.html
  27. hxxp: //down.b591.com: 8888 / ups.rar
  28. hxxp: //down.b591.com: 8888 / ups.exe
  29. hxxp: //down.b591.com: 8888 / cab.rar
  30. hxxp: //down.b591.com: 8888 / cacls.rar
  31. hxxp: //down.b591.com: 8888 / kill.html
  32. hxxp: // down2 .b591.com: 8888 / ups.rar
  33. hxxp: //down2.b591.com: 8888 / wpd.dat
  34. hxxp: //down2.b591.com: 8888 / wpdmd5.txt
  35. hxxp: //down2.b591.com: 8888 / ver.txt
  36. hxxp: //dwon.kill1234.com: 280 / cao.exe
  37. hxxps: //down2.b5w91.com: 8443
  38. hxxp: //down.mysking.info: 8888 / ok.txt
  39. hxxp: //23.27.127.254: 8888 /close.bat
  40. hxxp: //js.mykings.top: 280 / v.sct
  41. hxxp: //js.mykings.top: 280 / helloworld.msi
  42. hxxp: //wmi.mykings.top: 8888 / kill.html
  43. hxxp : //wmi.mykings.top: 8888 / test.html
  44. hxxp: //209.58.186.145: 8888 / close2.bat
  45. hxxp: //67.229.144.218: 8888 / update.txt
  46. hxxp: //67.229.144.218: 8888 / ps.jpg
  47. hxxp: //67.229.144.218: 8888 / update.txt
  48. hxxp: //67.229.144.218: 8888 / my1.html
  49. hxxp: //67.229.144.218: 8888 / ver.txt
  50. hxxp: //67.229.144.218: 8888 / test.dat
  51. hxxp: //down.down0116.info -> new
  52. hxxp: //down.down0116.info/up.rar -> new
  53. hxxp: //down.down0116.info/down.txt -> new
  54. fxp: //ftp.ftp0118.info/a.exe -> new
  55.  
  56. botnet.-1.mirai
  57. hxxp: //100.43.155.171: 280 / mirai /
  58.  
  59. botnet.1.proxy
  60. hxxp: //100.43.155.171: 280 / do /
  61.  
  62. botnet.2.rat
  63. hxxp: //67.229.144.218: 8888 / test1.dat
  64. hxxp: //47.88.216.68: 8888 / test.dat
  65. hxxp: //47.52.0.176: 8888 / item.dat
  66. hxxp: //118.190. 50.141: 8888 / test.dat
  67.  
  68. botnet.3.miner
  69. hxxp: //104.37.245.82: 8888 / 32.rar
  70. fxp: //fxp.oo000oo.me/s.rar
  71. hxxp: //198.148.80.194: 8888 / 0121.rar -> new
  72. fxp: //ftp.ftp0118.info/s.rar -> new
  73.  
  74. botnet.4.rat
  75. hxxp: //104.37.245.82: 8888 / nb.dat
  76.  
  77.  
  78. link:
  79. http://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement