Monero-Mining Malware PCASTLE Uses Fileless Techniques
Tags
country: Australia China Hong Kong India Japan Vietnam Taiwan
attack-pattern: Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 Brute Force - T1110 Powershell - T1086 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID 1aab5407-55b1-44a0-ba0b-89e30d6b06d6
Fingerprint b684aa92b715cf47
Analysis status DONE
Considered CTI value 2
Text language
Published June 5, 2019, midnight
Added to db Oct. 15, 2024, 9:35 p.m.
Last updated Oct. 22, 2024, 7:59 a.m.
Headline Monero-Mining Malware PCASTLE Uses Fileless Techniques
Title Monero-Mining Malware PCASTLE Uses Fileless Techniques
Detected Hints/Tags/Attributes 56/2/8
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_in/research/19/f/monero-mining-malware-pcastle-zeroes-back-in-on-china-now-uses-multilayered-fileless-arrival-techniques.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 3 
zer2.com
Details Domain 2 
down.ackng.com
Details Domain 3 
lpp.zer2.com
Details Domain 2 
lpp.ackng.com
Details File 38 
trojan.ps1
Details sha256 2 
ef8505ffb1526d36b05da851e50e27f87e35131e40a03095ace1b55b7662de9c
Details sha256 2 
1cff6e4e3bac810f22f27ac5e6b13012ebed27bbace1544e38c09fefb2a7e7c9
Details sha256 2 
4e4015a1c9c6327fdf18a4e41a0586f5083e055bbc93f260d58da2897bddea45