Carbine Loader Cryptojacking Campaign
Tags
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Cron - T1053.003 Dns - T1071.004 Dns - T1590.002 Dynamic Dns - T1311 Dynamic Dns - T1333 Exploits - T1587.004 Exploits - T1588.005 Resource Hijacking - T1496 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Unix Shell - T1059.004 Vulnerabilities - T1588.006 Vulnerability Scanning - T1595.002 Custom Cryptographic Protocol - T1024 Exploit Public-Facing Application - T1190
Show in Graph
Common Information
Type Value
UUID 0d9b3973-e86f-48e7-9432-c1207529393a
Fingerprint 34b0c8911eaf83d1
Analysis status DONE
Considered CTI value 2
Text language
Published April 13, 2021, midnight
Added to db Aug. 31, 2024, 10:02 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Carbine Loader Cryptojacking Campaign
Title Carbine Loader Cryptojacking Campaign
Detected Hints/Tags/Attributes 62/1/34
Source URLs
Redirection Url
Details Source https://www.lacework.com/blog/carbine-loader-cryptojacking-campaign
URL Provider
Details Provider Source level domain
Details lacework.com www.lacework.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 326 Lacework Blog https://www.lacework.com/lacework_blog.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 1 
cve-2021-3193
Details CVE 1 
cve-2017-6393
Details Domain 11 
update.aegis.aliyun.com
Details Domain 18 
uninstall.sh
Details Domain 3 
uninst.sh
Details Domain 8 
config.sh
Details Domain 4 
newdat.sh
Details Domain 2 
sslcer.justdied.com
Details Domain 3 
watch.sh
Details Domain 358 
pastebin.com
Details Domain 2 
jquery-dns-07.dns05.com
Details Domain 21 
pool.minexmr.com
Details File 153 
config.json
Details File 1 
xd.json
Details File 49 
id_rsa.pub
Details sha256 1 
4ae513b6f46132aec7d1c268e6ee981af1ac0ab6d92c448c7c9bdedd63e3c303
Details sha256 1 
5f19a959b36c2696ef95873017b48ab03c3ae83ecae2ea5092a30fb6179f5c7c
Details sha256 1 
67ce0dbe860841a70026de673be1a5fc5062e293dbfb05564bb8eb489ce56c44
Details sha256 1 
b0a7aa88d5db826b95a1c53e92dd19b7cfe4fb87fbd218a16d170c1644d57b0b
Details sha256 1 
d6e77ec049176143afdc4f602f8764e001ebfcbe9f9ffb2aa1417b74d5818c61
Details IPv4 619 
0.0.0.0
Details IPv4 1 
66.42.106.51
Details IPv4 1 
185.183.84.197
Details IPv4 1 
45.138.209.197
Details MITRE ATT&CK Techniques 107 
T1496
Details MITRE ATT&CK Techniques 542 
T1190
Details MITRE ATT&CK Techniques 86 
T1059.004
Details MITRE ATT&CK Techniques 44 
T1053.003
Details MITRE ATT&CK Techniques 1 
T1024.004
Details Url 1 
http://update.aegis.aliyun.com/download/uninstall.sh||curl
Details Url 8 
http://update.aegis.aliyun.com/download/uninstall.sh
Details Url 1 
http://update.aegis.aliyun.com/download/quartz_uninstall.sh||curl
Details Url 7 
http://update.aegis.aliyun.com/download/quartz_uninstall.sh
Details Url 1 
https://sslcer.justdied.com:8080