2018 年 Windows 服务器挖矿木马总结报告
Common Information
| Type | Value |
|---|---|
| UUID | 594e9087-0aec-4946-b1ba-bdacfc9252e7 |
| Fingerprint | d77255229d96c33780f887a6af48ca39311283a11cf5bc73eb41684f3a5d0361 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 15, 2019, 12:28 p.m. |
| Added to db | March 9, 2024, 11:23 p.m. |
| Last updated | Aug. 30, 2024, 10:12 p.m. |
| Headline | 2018 年 Windows 服务器挖矿木马总结报告 |
| Title | 2018 年 Windows 服务器挖矿木马总结报告 |
| Detected Hints/Tags/Attributes | 27/2/68 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 81 | cve-2017-10271 |
|
| Details | CVE | 3 | cve-2017-3248 |
|
| Details | CVE | 16 | cve-2018-2628 |
|
| Details | CVE | 10 | cve-2018-2894 |
|
| Details | CVE | 14 | cve-2010-0738 |
|
| Details | CVE | 13 | cve-2017-12149 |
|
| Details | CVE | 120 | cve-2017-5638 |
|
| Details | CVE | 28 | cve-2017-9805 |
|
| Details | CVE | 26 | cve-2018-11776 |
|
| Details | CVE | 56 | cve-2018-7600 |
|
| Details | CVE | 17 | cve-2018-7602 |
|
| Details | CVE | 13 | cve-2018-1273 |
|
| Details | CVE | 11 | cve-2017-12615 |
|
| Details | CVE | 47 | cve-2017-0143 |
|
| Details | CVE | 1 | cve-2015-7768 |
|
| Details | Domain | 1 | 7h4uk.com |
|
| Details | Domain | 1 | status.chalive.cn |
|
| Details | Domain | 41 | www.freebuf.com |
|
| Details | Domain | 4126 | github.com |
|
| Details | Domain | 2 | www.coingecko.com |
|
| Details | Domain | 12 | www.360.cn |
|
| Details | Domain | 2 | blog.minerva-labs.com |
|
| Details | Domain | 122 | www.kaspersky.com |
|
| Details | Domain | 38 | blog.netlab.360.com |
|
| Details | Domain | 3 | www.huorong.cn |
|
| Details | Domain | 42 | tencent.com |
|
| Details | Domain | 20 | ti.360.net |
|
| Details | Domain | 8 | www.alienvault.com |
|
| Details | File | 2121 | cmd.exe |
|
| Details | File | 1204 | powershell.exe |
|
| Details | File | 457 | regsvr32.exe |
|
| Details | File | 226 | certutil.exe |
|
| Details | File | 63 | bitsadmin.exe |
|
| Details | File | 374 | wscript.exe |
|
| Details | File | 154 | cscript.exe |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 239 | wmic.exe |
|
| Details | File | 1 | 而诸如regsvr32.exe |
|
| Details | File | 1 | 158007.html |
|
| Details | File | 1 | 166066.html |
|
| Details | File | 1 | 175626.html |
|
| Details | File | 1 | 10470.html |
|
| Details | File | 1 | 150097083373.html |
|
| Details | File | 1 | 504.html |
|
| Details | File | 1 | 180544.html |
|
| Details | File | 1 | 10542.html |
|
| Details | Github username | 4 | danielbohannon |
|
| Details | IPv4 | 1 | 173.208.202.234 |
|
| Details | IPv4 | 1 | 121.41.33.131 |
|
| Details | IPv4 | 1 | 120.27.244.75 |
|
| Details | Url | 1 | http://121.41.33.131:8000 |
|
| Details | Url | 1 | http://120.27.244.75:53 |
|
| Details | Url | 1 | http://status.chalive.cn |
|
| Details | Url | 1 | https://www.freebuf.com/news/158007.html |
|
| Details | Url | 1 | https://www.freebuf.com/articles/web/166066.html |
|
| Details | Url | 1 | https://github.com/danielbohannon/invoke-dosfuscation |
|
| Details | Url | 1 | https://www.coingecko.com/zh/%e4%bb%b7%e6%a0%bc%e5%9b%be/%e9%97%a8%e7%bd%97% |
|
| Details | Url | 1 | https://www.freebuf.com/articles/web/175626.html |
|
| Details | Url | 1 | http://www.360.cn/n/10470.html |
|
| Details | Url | 1 | https://blog.minerva-labs.com/ghostminer-cryptomining-malware-goes-fileless |
|
| Details | Url | 1 | https://www.kaspersky.com/blog/powerghost-fileless-miner/23310 |
|
| Details | Url | 1 | https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-sprea |
|
| Details | Url | 1 | https://www.huorong.cn/info/150097083373.html |
|
| Details | Url | 1 | https://s.tencent.com/research/report/504.html |
|
| Details | Url | 1 | https://ti.360.net/blog/articles/8220-mining-gang-in-china |
|
| Details | Url | 1 | https://www.freebuf.com/column/180544.html |
|
| Details | Url | 1 | http://www.360.cn/n/10542.html |
|
| Details | Url | 1 | https://www.alienvault.com/blogs/labs-research/massminer-malware-targeting- |