10387061-1.v1 XMRig Cryptocurrency Mining Software | CISA
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Vulnerabilities - T1588.006 |
Common Information
Type | Value |
---|---|
UUID | 125e6252-4694-413c-b134-c833643010a0 |
Fingerprint | d597d9db5f7b9fcf |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 16, 2022, midnight |
Added to db | Feb. 14, 2023, 2:55 p.m. |
Last updated | Nov. 17, 2024, 6:31 p.m. |
Headline | Malware Analysis Report (AR22-320A) |
Title | 10387061-1.v1 XMRig Cryptocurrency Mining Software | CISA |
Detected Hints/Tags/Attributes | 48/2/20 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 85 | ✔ | — | https://cisa.gov/uscert/ncas/analysis-reports.xml | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 469 | | www.cisa.gov |
Details | Domain | 2 | | mine.c3pool.com |
Details | Domain | 154 | | us-cert.cisa.gov |
Details | Domain | 84 | | malware.us-cert.gov |
Details | Domain | 84 | | ftp.malware.us-cert.gov |
Details | | 84 | | submit@malware.us-cert.gov |
Details | File | 20 | | winring0x64.sys |
Details | File | 46 | | runtimebroker.exe |
Details | File | 1 | | wuaucltservice.exe |
Details | File | 153 | | config.json |
Details | md5 | 1 | | f0cf1d3d9ed23166ff6c1f3deece19b4 |
Details | sha256 | 6 | | 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 |
Details | sha256 | 1 | | 2ffe6509d965413d20ae859a4b4878246119159c368c945a7b466435b4e6e6df |
Details | sha256 | 1 | | 673ebada19e044b1ddb88155ad99188ba403cbb413868877b3ce0af11617bcfb |
Details | sha256 | 1 | | b511c0f45d2a1def0985fa631d1a6df5f754bc7c5f53105cc97c247b97ff0f56 |
Details | sha256 | 3 | | 0663d70411a20340f184ae3b47138b33ac398c800920e4d976ae609b60522b01 |
Details | Url | 43 | | http://www.cisa.gov/tlp. |
Details | Url | 53 | | https://us-cert.cisa.gov/forms/feedback |
Details | Url | 84 | | https://malware.us-cert.gov |
Details | Yara rule | 1 | | rule CISA_10372500_02 : miner XMRIG { meta: Author = "CISA Code & Media Analysis" Incident = "10372500" Date = "2022-03-03" Last_Modified = "20220307_1600" Actor = "n/a" Category = "Miner" Family = "XMRIG" Description = "Detects XMRIG Miner samples" MD5_1 = "f0cf1d3d9ed23166ff6c1f3deece19b4" SHA256_1 = "0663d70411a20340f184ae3b47138b33ac398c800920e4d976ae609b60522b01" strings: $s0 = { 58 4D 52 69 67 20 36 2E } $s1 = { 63 6F 6E 66 69 67 5C 78 6D 72 69 67 2E 6A 73 } $s2 = { 78 6D 72 69 67 2D 63 75 64 61 2E 64 6C 6C } $s3 = { 6C 69 62 78 6D 72 69 67 2D } $s4 = { 63 75 64 61 2E 73 6F } $s5 = { 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F } $s6 = { 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 } condition: all of them } |