Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box [Thursday, January 18, 2024]

Report
Description :
A major cybercrime syndicate known as Bigpanzi is targeting Android set-top boxes and other devices with malicious software, across operating systems including Android and Windows. Qianxin observed approximately 170,000 daily active bots at the botnet's peak, predominantly in Brazil, and the botnet has mainly been used for DDoS attacks. The threat actors have also misused the Android TVs they control, for example in an attack on set-top boxes in the UAE on December 11, 2023, where regular broadcasts were substituted with footage of the Israel-Palestine conflict.

Published: 2024-01-18 11:05:09
Created: 2024-01-18 11:05:09
Modified: 2024-01-18 11:32:38

Tags

Indicators

IPv4s :
  • 71.19.252.13
  • 199.189.87.86
  • 23.237.10.90
  • 71.19.250.244
  • 209.239.115.231
  • 94.75.218.122
  • 50.30.37.108
  • 209.126.116.211
  • 198.16.66.162
  • 50.7.118.114
  • 34.36.1.200
  • 209.239.115.206
  • 118.184.69.3
  • 71.19.250.242
  • 192.200.112.10
  • 142.0.141.169
  • 207.38.87.205
  • 81.171.0.77
  • 45.14.106.78
  • 162.209.126.216
  • 198.255.88.146
URLs :
  • http://xtsj.syshebe.com:8080
  • http://xtsj.ofdad3.com:8080
  • http://fadfa.gdalieyw.com:8080
  • http://tigx.xsefbe.com:8080
  • http://tano.jdsefbe.com:8080
  • http://tano.syhs8u.com:8080
  • www.qicicloud.xyz
  • http://tyu.fart1.com:8080
  • http://xihb.lgewer1f.com:8080
  • http://ak.tknxg.cf:8080
  • http://fadfatest.pneydn.com:8080/stb-download/tool/$1
  • http://yuo.tyt3s.com:8080
  • http://tigx.xjs7zu.com:8080
  • http://pcn.panddna.com:8080/marketdatas/dns/hosts
  • http://eumk.wak2p.com:8080/marketdatas/dns/hosts
  • http://fadfatest.pneydn.com:8080/stb-download/tool/na.sh
  • http://xtsj.terwea.com:8080
  • www.htvmarket.com
  • www.tenlsi1.club
  • http://fadfatest.pneydn.com:8080/stb-download/tool/a.sh
  • http://xtsj.sisenji.com:8080
  • http://tyu.sdhenbe.com:8080
  • http://caq.xv8ta.com:8080
  • http://bas.sw1ez.com:8080
  • http://fadfa.dyanoe.com:8080
  • http://xihb.bhowljw1.com:8080
  • http://vpr.pprv1.com:8080
  • http://bps.tr2eq.com:8080
Domains :
  • ok3.mf1ve.com
  • nikcc32.honisu.com
  • zas8wie.snarutox.com
  • alchaes.abdc11.com
  • ji1.mxq1b.com
  • jgp.pdltdgie.com
  • xtsj.syshebe.com
  • dmdz.res4f.com
  • tyu.sdhenbe.com
  • jdl.hgdsd.com
  • hsh.kfdaf.com
  • plslb.ou2sv.com
  • ppn.pnddon.com
  • lof.sty1x.com
  • vfz.str2c.com
  • dcs.reakf.com
  • zms.mgfdaf.com
  • ageniusapp.cc
  • iptty3m.dotxui.com
  • dlewals.adfoiadf892.net
  • pukpa.slkd4.com
  • btyu.pifsq.com
  • ok3.mflve.com
  • snh.oygaf.com
  • tano.jdsefbe.com
  • bps.tr2eq.com
  • pf3a.res4f.com
  • xtsj.sisenji.com
  • api.tenlsi1.club
  • isam.homelinux.com
  • gsb.tefds.com
  • gt3.kt2wt.com
  • mak.wak2p.com
  • xtsj.ofdad3.com
  • gsb.reakf.com
  • pcdnbus.ou2sv.com
  • ak.tknxg.cf
  • p5x.ty3w2.com
  • redavss.noip.me
  • ageniusvod.cc
  • jdl.pugexiz.com
  • fadfa.dyanoe.com
  • apz.pdonno.com
  • fadfatest.pneydn.com
  • jdl.oygaf.com
  • abcr.ftsym1.com
  • hgxx123p.ourhousei.com
  • dcs.tefds.com
  • tano.syhs8u.com
  • ryy8zc.dotxui.com
  • jdz.lgdaf.com
  • apz.bsaldo.com
  • bas.sw1ez.com
  • vup.k2glu.com
  • pcdnfuc.ou2sv.com
  • ageniustv1.cc
  • tigx.xsefbe.com
  • img.p2mqt.com
  • channels2.homelinux.com
  • kp519bpa.fireisi.com
  • plart2z.incenu.com
  • dyanoe.com
  • b1.str2c.com
  • yuo.tyt3s.com
  • fadfa.gdalieyw.com
  • eumk.wak2p.com
  • api.qicicloud.xyz
  • wrkv.jiexi.com
  • tigx.xjs7zu.com
  • sevenmiddleware.cf
  • pcdnbus-bk.a2k3v.com
  • pu9z3cca.trumpary.com
  • pcn.panddna.com
  • xihb.lgewer1f.com
  • in32hbccw.oneconcord.net
  • ruetsm.mkuspt.com
  • xihb.bhowljw1.com
  • xtsj.terwea.com
  • qhwh.waks2.com
  • brasilhtv-epg1.cc
  • tyu.fart1.com
  • stpoto.sdfaf1230app.net
  • vpr.pprv1.com
  • mf1ve.com
  • wwrc9.ngoox.com
  • cdab.p2mqt.com
  • boxupsev.mkuspt.com
  • fonestero.com
  • hts.nfdaf.com
  • idaapi.search
  • ftsym1.com
  • snh.kfdaf.com
  • caq.xv8ta.com
  • jdak.jdsaf.com
Malwares :
  • Bigpanzi
Hashes :
  • 6ff061d2d6f4c6ffef28c433dd41c974801281ecc47f34ff19e76141fc8b09aa
  • ffa36182538d2fec1c0f16f53705d86cd6d6dc5b7c2185b8021976b6bc057459
  • 9b0b03f06a2dfaacd1448466370101a9a7db47264af3326b87245369ede9068e
Intrusion set :
  • Bigpanzi
Location :
  • Brazil
MITRE ATT&CK Techniques :
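
The indicator list above is most useful once it is parsed into typed sets and matched against telemetry. The following is an added example, not code from Securitricks or from the Qianxin report: it parses a subset of the list in the page's own bullet layout, files the host of every URL indicator under domains so that a plain DNS query for a C2 host is caught even when no full URL is logged, applies subdomain matching only for apex domains the list actually contains, and scans a few resolver, proxy and file-hash log lines that are constructed here for illustration.

```python
"""Parse the Bigpanzi indicator list and match it against log lines.

Added example for this report, not code from Securitricks or Qianxin.
IOC_TEXT is a subset copied from the indicator list on this page, in the
page's own layout; SAMPLE_LOGS are constructed lines, not real telemetry.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed: a subset of the page's indicators, in the page's layout.
IOC_TEXT = """\
IPv4s :
  • 71.19.252.13
  • 199.189.87.86
URLs :
  • http://xtsj.syshebe.com:8080
  • http://fadfatest.pneydn.com:8080/stb-download/tool/$1
  • http://pcn.panddna.com:8080/marketdatas/dns/hosts
  • www.qicicloud.xyz
Domains :
  • ok3.mf1ve.com
  • api.qicicloud.xyz
  • mf1ve.com
Hashes :
  • 6ff061d2d6f4c6ffef28c433dd41c974801281ecc47f34ff19e76141fc8b09aa
"""

# Constructed log lines (dnsmasq-style resolver, squid-style proxy, a hash record).
SAMPLE_LOGS = [
    "Jan 18 11:05:09 gw dnsmasq[812]: query[A] ok3.mf1ve.com from 10.0.0.23",
    "1705575909.123 10.0.0.23 TCP_MISS/200 GET http://xtsj.syshebe.com:8080/ - DIRECT/71.19.252.13",
    "Jan 18 11:05:10 gw dnsmasq[812]: query[A] www.example.com from 10.0.0.23",
    "sha256=6ff061d2d6f4c6ffef28c433dd41c974801281ecc47f34ff19e76141fc8b09aa path=/data/local/tmp/x",
]

SECTION_RE = re.compile(r"^(IPv4s|URLs|Domains|Hashes)\s*:\s*$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")   # last label letters only


def _add_host(iocs, host):
    """File a host as an IPv4 indicator or a domain indicator; False if neither."""
    try:
        ipaddress.IPv4Address(host)
        iocs["ips"].add(host)
        return True
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        iocs["domains"].add(host)
        return True
    return False


def parse_iocs(text):
    """Parse the bullet list into sets keyed by indicator type.

    Hosts embedded in URL indicators are also filed under 'domains' or 'ips'.
    Entries that do not fit their section's syntax are kept in 'rejected'.
    """
    iocs = {"ips": set(), "domains": set(), "urls": set(), "hashes": set(), "rejected": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        value = line.lstrip("•").strip().lower()
        if section == "Hashes":
            ok = bool(SHA256_RE.match(value))
            if ok:
                iocs["hashes"].add(value)
        elif section == "URLs":
            if "://" in value:
                iocs["urls"].add(value)
                value = urlsplit(value).hostname or ""
            ok = _add_host(iocs, value)        # bare hosts appear in the URL list too
        elif section in ("IPv4s", "Domains"):
            ok = _add_host(iocs, value)
        else:
            ok = False
        if not ok:
            iocs["rejected"].append(value)
    return iocs


# Token extractors for free-form log lines.
IP_TOKEN_RE = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")
HOST_TOKEN_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)
HASH_TOKEN_RE = re.compile(r"(?<![0-9a-f])[0-9a-f]{64}(?![0-9a-f])", re.I)


def domain_matches(host, domains):
    """True if host equals an indicator or is a subdomain of one (label boundary)."""
    labels = host.lower().rstrip(".").split(".")
    # range(len(labels) - 1) never tests the bare TLD.
    return any(".".join(labels[i:]) in domains for i in range(len(labels) - 1))


def scan_line(line, iocs):
    """Return (kind, indicator) hits for one log line: IPs, then domains, then hashes."""
    hits = [("ip", ip) for ip in IP_TOKEN_RE.findall(line) if ip in iocs["ips"]]
    hits += [("domain", h.lower()) for h in HOST_TOKEN_RE.findall(line)
             if domain_matches(h, iocs["domains"])]
    hits += [("sha256", h.lower()) for h in HASH_TOKEN_RE.findall(line)
             if h.lower() in iocs["hashes"]]
    return hits


def scan_logs(lines, iocs):
    """Return [(line_index, hits)] for every line that produced at least one hit."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := scan_line(line, iocs))]


if __name__ == "__main__":
    for idx, hits in scan_logs(SAMPLE_LOGS, parse_iocs(IOC_TEXT)):
        print(f"line {idx}: {hits}")
```

Two caveats when running this over the full list: the `$1` in `http://fadfatest.pneydn.com:8080/stb-download/tool/$1` is a placeholder copied from the report, not a real path, so it is parsed as literal text and only its host is useful; and suffix matching must stay limited to apexes the list itself names (dyanoe.com, mf1ve.com, ftsym1.com). Hosts on dynamic-DNS providers such as isam.homelinux.com or redavss.noip.me must remain exact FQDN matches, since their parent domains are shared infrastructure and not indicators. The IPs were C2 at the time of reporting; check their age before turning a match into a block.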

External References

About the author
Julien B.
