Compromised
HTB
What is the IP address used for initial access?
A) 162.252.172.54
What is the SHA256 hash of the malware?
A) 9b8ffdc8ba2b2caa485cca56a82b2dcbd251f65fb30bc88f0ac3da6704e4d3c6
What is the Family label of the malware?
A) Pikabot
When was the malware first seen in the wild (UTC)?
A) 2023-05-19 14:01:21
The malware used HTTPS traffic with a self-signed certificate. What are the ports, from smallest to largest?
A) 2078, 2222, 32999
What is the id-at-localityName of the self-signed certificate associated with the first malicious IP?
A) Pyopneumopericardium
What is the notBefore time (UTC) for this self-signed certificate?
A) 2023-05-14 08:36:52
What was the domain used for tunneling?
A) steasteel.net