#1238847: Mykings botnet latest activity briefing - Additional IOCs

Description: Recently, Tencent Security Threat Intelligence Center once again monitored the Mykings botnet. It recently added FTP exploits to continue spreading.

Reference:
https://s.tencent.com/research/report/594.html
First Aid: IOCs:

FileHash-SHA256 3aa18a52fc6396cd5cba8bba44c56b737ea33379aae87ae264cc026a39338db8 0
FileHash-SHA256 9ef305c27d531db6ead4049a3ebb79bb272478b44804b01a7ecfb70d9817a6d6 0
domain abauit.com 0
hostname cache.abauit.com 0
hostname cdn.abauit.com 0
URL http://cache.abauit.com/ 0
URL http://cache.abauit.com/cache.dat 0
URL http://cache.abauit.com/cache.dat?f_DESKTOP-41T6I3L 0
URL http://cache.abauit.com/cache.dat?f_WIN7-P191046C 0
URL http://cache.abauit.com/cache.dat?vf_SC-PC 0
URL http://cache.abauit.com/cache.sct 0
URL http://cache.abauit.com/cache.sct?v1_ADMIN-PC_admin 0
URL http://cdn.abauit.com/ 0
URL http://cdn.abauit.com/cache.sct 0
URL http://cdn.abauit.com/cache.sct?v6b64 0
URL http://cdn.abauit.com/dnscore.sct?v4 0
URL http://cdn.abauit.com/p?fv 0
URL https://cache.abauit.com/ 0
hostname p.abauit.com 0
hostname start.abauit.com
More info: https://otx.alienvault.com/pulse/5c05518154d07b314cf32fc4?utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed

Date added Dec. 3, 2018, 10:01 p.m.
Source AlienVault
Subjects
  • All New Malware or Attack Alerts - New Reports / IOCs in
  • General Malware - New Reports in