The Cuckoo Miner Campaign
Common Information
| Type | Value |
|---|---|
| UUID | 328c111a-d2f6-4bb7-a902-acc7d08744b4 |
| Fingerprint | 8e21e7adb7ac62ff1532f7186e549066cd5be7a562d28e9bd9da161d9b518c10 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 6, 2016, 6:22 p.m. |
| Added to db | Dec. 18, 2024, 8:10 p.m. |
| Last updated | Dec. 18, 2024, 8:12 p.m. |
| Headline | The Cuckoo Miner Campaign |
| Title | The Cuckoo Miner Campaign |
| Detected Hints/Tags/Attributes | 160/4/101 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://documents.trendmicro.com/assets/Cuckoo-Miner-Technical-Brief.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 1 | AS20013 |
|
| Details | Autonomous System Number | 3 | AS5577 |
|
| Details | Autonomous System Number | 2 | AS30962 |
|
| Details | Autonomous System Number | 1 | AS37076 |
|
| Details | Autonomous System Number | 1 | AS29465 |
|
| Details | Autonomous System Number | 3 | AS42708 |
|
| Details | Autonomous System Number | 1 | AS36873 |
|
| Details | Autonomous System Number | 22 | AS20473 |
|
| Details | Autonomous System Number | 1 | AS36923 |
|
| Details | Autonomous System Number | 2 | AS33182 |
|
| Details | Autonomous System Number | 2 | AS33387 |
|
| Details | Autonomous System Number | 3 | AS36351 |
|
| Details | Autonomous System Number | 1 | AS199388 |
|
| Details | CVE | 54 | cve-2014-1761 |
|
| Details | CVE | 8 | cve-2015-1770 |
|
| Details | CVE | 84 | cve-2010-3333 |
|
| Details | Domain | 15 | www.norton.com |
|
| Details | Domain | 2 | www.notornsecurity.com |
|
| Details | Domain | 2 | www.nortonsecurity.com |
|
| Details | Domain | 2 | correctip.noip.me |
|
| Details | Domain | 64 | vb.net |
|
| Details | Domain | 2 | login.loginto.me |
|
| Details | Domain | 3 | hostdime.com |
|
| Details | Domain | 2 | uaelab.mypsx.net |
|
| Details | Domain | 11 | no-ip.com |
|
| Details | Domain | 1 | 2p.com |
|
| Details | Domain | 1 | efan.org |
|
| Details | Domain | 1 | modem.org |
|
| Details | Domain | 1 | myapp.no |
|
| Details | Domain | 2 | ip.biz |
|
| Details | Domain | 1 | sx.net |
|
| Details | Domain | 1 | login.collegefan.org |
|
| Details | Domain | 1 | myapp.no-ip.biz |
|
| Details | Domain | 1 | jack.servep2p.co |
|
| Details | Domain | 3 | ge.com |
|
| Details | Domain | 4 | service.com |
|
| Details | Domain | 633 | www.trendmicro.com |
|
| Details | File | 1 | doc_ref_099383_733.doc |
|
| Details | File | 2 | doc_ref_098383_732.jar |
|
| Details | File | 1 | 83_732.jar |
|
| Details | File | 3 | pdf.jar |
|
| Details | File | 2 | remittance004-html.jar |
|
| Details | File | 2 | remitance004-pdf.jar |
|
| Details | File | 2 | doc_ref_098383_733.doc |
|
| Details | File | 1 | 383_732.jar |
|
| Details | File | 1 | 383_733.doc |
|
| Details | File | 1184 | svchost.exe |
|
| Details | File | 1 | _temp.dat |
|
| Details | File | 2 | ammendment.doc |
|
| Details | File | 7 | activex1.bin |
|
| Details | File | 192 | update.exe |
|
| Details | File | 1 | utilitywarrior.dll |
|
| Details | File | 28 | windowsupdate.exe |
|
| Details | File | 2 | warriors.dat |
|
| Details | File | 5 | login.log |
|
| Details | File | 1 | mt760.doc |
|
| Details | File | 1 | john.cab |
|
| Details | File | 2 | date07_05_2015.doc |
|
| Details | sha1 | 2 | 78df63cc2a82626b48d3d1858ce966187f1059c5 |
|
| Details | sha1 | 2 | 4a2e1b5a9ef2d4fd62fd3c1af03252bbf54a871a |
|
| Details | sha1 | 1 | fcc09a899e793de6daeee773fa135caa7af25c68 |
|
| Details | sha1 | 2 | aded761fc040c0a2bdccc54941f66b13b36e211d |
|
| Details | sha1 | 1 | fb434ba4f1eaf9f7f20fe6f49c4375e90fa98069 |
|
| Details | sha1 | 1 | 889fd076e5c50e8350a804e953895cd9247512b6 |
|
| Details | sha1 | 1 | 844d4888ec0968a9b6da60ec2f1f2aa26937e201 |
|
| Details | sha1 | 2 | faadfd6f7d6158204f65ae7d60eb876aa33fd0cb |
|
| Details | sha1 | 2 | 5918a3dcf36b38c6ac9077e3a18f09f4573f243b |
|
| Details | sha1 | 1 | b5558d707b3f9df6f689ba75d5e2a3ae17c0c371 |
|
| Details | sha1 | 2 | 61d9bdba7081ed426e82de6026b13780c26b4493 |
|
| Details | sha1 | 4 | ea0d041f35786966b65ff24ea842b64ae09fd8e5 |
|
| Details | IPv4 | 2 | 41.138.184.85 |
|
| Details | IPv4 | 2 | 192.185.94.137 |
|
| Details | IPv4 | 2 | 94.242.224.181 |
|
| Details | IPv4 | 2 | 93.190.95.52 |
|
| Details | IPv4 | 2 | 62.108.40.45 |
|
| Details | IPv4 | 1 | 41.190.2.25 |
|
| Details | IPv4 | 1 | 41.190.2.23 |
|
| Details | IPv4 | 1 | 41.190.3.133 |
|
| Details | IPv4 | 1 | 41.190.3.167 |
|
| Details | IPv4 | 1 | 41.220.69.106 |
|
| Details | IPv4 | 1 | 178.73.219.169 |
|
| Details | IPv4 | 1 | 46.246.81.240 |
|
| Details | IPv4 | 1 | 178.73.219.37 |
|
| Details | IPv4 | 1 | 105.112.8.13 |
|
| Details | IPv4 | 1 | 105.112.10.2 |
|
| Details | IPv4 | 1 | 104.238.179.24 |
|
| Details | IPv4 | 1 | 108.61.215.117 |
|
| Details | IPv4 | 115 | 1.0.0.0 |
|
| Details | IPv4 | 2 | 23.249.225.140 |
|
| Details | IPv4 | 1 | 185.17.1.199 |
|
| Details | IPv4 | 1 | 142.54.162.195 |
|
| Details | IPv4 | 2 | 216.170.116.120 |
|
| Details | Url | 1 | http://192.185.94.137/%7erecipes/www.norton.com/downloads/doc_ref_0983 |
|
| Details | Url | 1 | http://192.185.94.137/%7erecipes/www.norton.com/download/remittance004- |
|
| Details | Url | 2 | http://192.185.94.137/%7erecipes/norton/download/remittance004-html.jar |
|
| Details | Url | 1 | http://94.242.224.181/www.notornsecurity.com/remitance004-pdf.jar |
|
| Details | Url | 1 | http://93.190.95.52/www.nortonsecurity.com/remittance004.pif |
|
| Details | Windows Registry Key | 196 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWAR |
|
| Details | Windows Registry Key | 13 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
| Details | Windows Registry Key | 49 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |