HIGH ALERT ADVISORY: NEW PIKABOT SPAM RUN WITH ATTACHED HTML CODE (long but useful read)

Noticed this alert on the 8th of December that might come in handy to a lot of cybersecurity PROs here:





Recently, PikaBOT has been spamming random email addresses using the reply chain technique.



The unwanted emails carry an attached HTML document which, if opened, will attempt to download an MSI installation package.





It is done via the website https://cecvillamaria\[.\]org/ae/ -> The malicious MSI package will be offered via PikaBOT tier-1 C&C



Other download/C&C servers that we have seen include:



https://154.61.75\[.\]156:2078 …

addresses advisory alert code cybersecurity december document email emails high high alert html lot random reply chain run spam spamming