Intelligence Bulletin – When Cryptomining Attacks
Tags
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | 1aad3624-52d8-48d2-8ce5-ef86f24c6aa0 |
| Fingerprint | 95141aadf0edfecd |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 7, 2018, noon |
| Added to db | Aug. 13, 2023, 8:54 a.m. |
| Last updated | Nov. 17, 2024, 6:53 p.m. |
| Headline | Intelligence Bulletin – When Cryptomining Attacks |
| Title | Intelligence Bulletin – When Cryptomining Attacks |
| Detected Hints/Tags/Attributes | 22/1/108 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 346 | ✔ | Optiv Blog | https://www.optiv.com/resources/blog/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | www.luoxkexp.com |
|
| Details | Domain | 2 | luoxkexp.com |
|
| Details | Domain | 1 | letoscribe.ru |
|
| Details | Domain | 1 | selectv2.sh |
|
| Details | Domain | 3 | lowerv2.sh |
|
| Details | Domain | 3 | rootv2.sh |
|
| Details | Domain | 1 | logo.jp |
|
| Details | Domain | 2 | zsw8.cc |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 9 | minergate.com |
|
| Details | Domain | 16 | minexmr.com |
|
| Details | Domain | 1 | pool-proxy.com |
|
| Details | Domain | 1 | fee.xmrig.com |
|
| Details | Domain | 7 | nicehash.com |
|
| Details | Domain | 3 | data.rel.ro |
|
| Details | Domain | 1 | dkuug.dk |
|
| Details | Domain | 31 | pool.supportxmr.com |
|
| Details | Domain | 1 | pool.cortins.tk |
|
| Details | md5 | 1 | 0dc34402be603f563bfb25e7c476a0b4 |
|
| Details | md5 | 1 | 6455ffef458df6d24dd4df37f3d6df73 |
|
| Details | md5 | 1 | 9eadc40299864089e8a0959d04b02b39 |
|
| Details | md5 | 2 | e1df71c38cea61397e713d6e580e9051 |
|
| Details | sha1 | 1 | deeb65dbf4ac5d1d0db6ac4467282f62049a3620 |
|
| Details | sha1 | 1 | 777af085e72a4a19b6971f24c1167989335af508 |
|
| Details | sha1 | 1 | 4f41da624726daf16e1c0034e8a6a99c790be61e |
|
| Details | sha1 | 1 | 9be68990dd7b071b192b89b0e384f290cce2b2db |
|
| Details | sha256 | 1 | 7153ac617df7aa6f911e361b1f0c8188ca5c142c6aaa8faa2a59b55e0b823c1c |
|
| Details | sha256 | 1 | 9359f7e7b1dd0f4ce4a2c52fe611c981a3dd7a17f935862e3ce9acb5f2df8ced |
|
| Details | sha256 | 1 | f4864b3793c93de50b953e9751dc22e03fa0333ae6856d8d153be9018da6d911 |
|
| Details | sha256 | 1 | d47d2aa3c640e1563ba294a140ab3ccd22f987d5c5794c223ca8557b68c25e0d |
|
| Details | sha256 | 1 | bcf306bf3c905567ac1a5012be94fe642cac6116192cea6486730341b32b38a4 |
|
| Details | sha256 | 1 | 0c5e960ca2a37cf383a7457bcc82e66d5b94164b12dfca1f21501211d9aca3c9 |
|
| Details | sha256 | 1 | b3aba7582de82a0229b4d4caf73bc50cc18eb98109a0e251447dfb47afabc597 |
|
| Details | sha256 | 1 | 0b2bd245ce62787101bc56b1eeda9f74e0f87b72781c8f50a1eff185a2a98391 |
|
| Details | sha256 | 1 | 182812097daabfc3fe52dd485bb0a0f566ddf47f23b9d9f72c2df01a1a4faf84 |
|
| Details | sha256 | 1 | 43f78c1c1b078f29fd5eb75759aa7b1459aa3f1679bbaabc1e67c362620650fb |
|
| Details | sha256 | 1 | 370109b73fa9dceea9e2b34b466d0d2560025efcc78616387d84732cbe82b6bd |
|
| Details | sha256 | 1 | 36524172afa85a131bf0075c7ff20dcbfb8a94c4e981300fb33ef56ed912678c |
|
| Details | sha256 | 1 | 348c7dd59ea1b4e88585863dd788621f1101202d32df67eb0015761d25946420 |
|
| Details | sha256 | 1 | 198e090e86863fb5015e380dc159c5634cc2a598e93b20dd9695e1649bb062ad |
|
| Details | sha256 | 1 | 3b83c25a00b3820b28941d4be1583af8ed22ca20a8270c318d02e4918d7b3070 |
|
| Details | IPv4 | 1 | 104.25.208.15 |
|
| Details | IPv4 | 3 | 94.130.143.162 |
|
| Details | IPv4 | 1 | 72.11.140.178 |
|
| Details | IPv4 | 3 | 88.99.142.163 |
|
| Details | IPv4 | 3 | 78.46.91.134 |
|
| Details | IPv4 | 1 | 104.25.209.15 |
|
| Details | IPv4 | 3 | 136.243.102.154 |
|
| Details | IPv4 | 2 | 136.243.102.167 |
|
| Details | IPv4 | 2 | 148.251.133.246 |
|
| Details | IPv4 | 1 | 104.223.37.150 |
|
| Details | IPv4 | 1 | 208.92.90.51 |
|
| Details | IPv4 | 1 | 45.77.106.29 |
|
| Details | IPv4 | 1 | 181.214.87.240 |
|
| Details | IPv4 | 1 | 181.214.87.241 |
|
| Details | IPv4 | 1 | 27.148.157.89 |
|
| Details | IPv4 | 1 | 221.229.204.177 |
|
| Details | IPv4 | 1 | 5.188.87.12 |
|
| Details | Url | 1 | http://27.148.157.89:8899/1.exe |
|
| Details | Url | 1 | http://221.229.204.177:8888 |
|
| Details | Url | 1 | http://27.148.157.89:8899/xmrig |
|
| Details | Url | 1 | http://72.11.140.178/?info=l30 |
|
| Details | Url | 1 | http://72.11.140.178/files |
|
| Details | Url | 1 | http://72.11.140.178/?info=l69 |
|
| Details | Url | 1 | http://72.11.140.178/files/w/default |
|
| Details | Url | 1 | http://27.148.157.89:8899/xmr64.exe |
|
| Details | Url | 1 | http://72.11.140.178/?info=w0 |
|
| Details | Url | 1 | http://27.148.157.89:8899/1.sh |
|
| Details | Url | 1 | http://72.11.140.178/files/w/default/auto-upgrade.exe |
|
| Details | Url | 1 | http://72.11.140.178/files/w/default?info=w0 |
|
| Details | Url | 1 | http://www.luoxkexp.com:8520/php.exe |
|
| Details | Url | 1 | http://72.11.140.178/auto-upgrade |
|
| Details | Url | 1 | http://luoxkexp.com:8888/samba.exe |
|
| Details | Url | 1 | http://27.148.157.89:8899/xmr86.exe |
|
| Details | Url | 1 | http://27.148.157.89:8899/fuckpig.jar |
|
| Details | Url | 1 | http://www.luoxkexp.com:8520 |
|
| Details | Url | 1 | http://72.11.140.178/?info=w9 |
|
| Details | Url | 1 | http://72.11.140.178/files/w/default?info=w9 |
|
| Details | Url | 1 | http://luoxkexp.com:8888/xmr64.exe |
|
| Details | Url | 1 | http://luoxkexp.com/xmr64.exe |
|
| Details | Url | 1 | http://27.148.157.89:8899/112.exe |
|
| Details | Url | 1 | http://27.148.157.89:8899/jiba |
|
| Details | Url | 1 | http://luoxkexp.com |
|
| Details | Url | 1 | http://72.11.140.178/files/w/others |
|
| Details | Url | 1 | http://72.11.140.178/setup-watch |
|
| Details | Url | 1 | http://72.11.140.178/wls-wsat/coordinatorporttype |
|
| Details | Url | 1 | http://72.11.140.178/?info=l60 |
|
| Details | Url | 1 | http://72.11.140.178/files/l/default |
|
| Details | Url | 1 | http://luoxkexp.com:8888/xmr86.exe |
|
| Details | Url | 1 | http://luoxkexp.com:8899/xmr64.exe |
|
| Details | Url | 1 | http://72.11.140.178/files/l/others |
|
| Details | Url | 1 | http://luoxkexp.com:8899/1.exe |
|
| Details | Url | 1 | http://letoscribe.ru/includes/libraries/files.tar.gz |
|
| Details | Url | 1 | http://letoscribe.ru/includes/libraries/getsetup.php?p=wl |
|
| Details | Url | 1 | http://45.77.106.29/selectv2.sh |
|
| Details | Url | 1 | http://45.77.106.29/sourplum |
|
| Details | Url | 1 | http://45.77.106.29/lowerv2.sh |
|
| Details | Url | 1 | http://45.77.106.29/rootv2.sh |
|
| Details | Url | 1 | http://181.214.87.240/res/logo.jp |
|
| Details | Url | 1 | http://5.188.87.12/langs/kworker_na |
|
| Details | Url | 1 | http://181.214.87.240/res/kworker.conf |
|
| Details | Url | 1 | http://letoscribe.ru/includes/libraries/notify.php?p=wl |
|
| Details | Url | 1 | http://104.223.37.150:8090 |
|
| Details | Url | 1 | http://k.zsw8.cc:8080 |
|
| Details | Url | 1 | http://i.zsw8.cc:8080 |
|
| Details | Url | 1 | http://pastebin.com/raw/rwjyegdq |
|
| Details | Url | 1 | http://208.92.90.51 |
|
| Details | Url | 1 | http://208.92.90.51:443 |