Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
AlienVault OTX pulse | TLP: WHITE | Tag: Bigpanzi | Created: 2024-01-18 | Modified: 2024-02-17
A major cybercrime syndicate known as Bigpanzi is targeting Android set-top boxes and other devices with malicious software, and also operates on platforms such as Windows and Android. At its peak, Qianxin observed approximately 170,000 daily active bots in this botnet, predominantly in Brazil; it has been used mainly for DDoS attacks. The threat actors have also abused the Android TVs under their control: for example, in a network attack on set-top boxes in the UAE on December 11, 2023, regular broadcasts were replaced with footage of the Israel-Palestine conflict.
Indicators of Compromise (150)