“CryptoSink” Campaign Deploys a New Miner Malware
Tags
country: China
maec-delivery-vectors: Watering Hole
attack-pattern: Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Hardware - T1592.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Vulnerabilities - T1588.006 Denial Of Service
Show in Graph
Common Information
Type Value
UUID 275eefb9-48bf-4b50-bd64-23301cb1116c
Fingerprint a5293d930c35bfab
Analysis status DONE
Considered CTI value 0
Text language
Published March 13, 2019, 11:28 a.m.
Added to db Nov. 6, 2023, 6:42 p.m.
Last updated Nov. 18, 2024, 4:21 p.m.
Headline “CryptoSink” Campaign Deploys a New Miner Malware
Title “CryptoSink” Campaign Deploys a New Miner Malware
Detected Hints/Tags/Attributes 51/3/14
Source URLs
Redirection Url
Details Source https://www.f5.com/labs/articles/threat-intelligence/-cryptosink--campaign-deploys-a-new-miner-malware
URL Provider
Details Provider Source level domain
Details f5.com www.f5.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 308 F5 Labs Threats https://www.f5.com/labs/rss-feeds/threats.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 15 
cve-2014-3120
Details Domain 2 
ctos.sh
Details Domain 1 
3ei.xyz
Details Domain 1 
21-3n.xyz
Details Domain 1 
21-2n.com
Details Domain 359 
pastebin.com
Details Domain 3 
thyrsi.com
Details Domain 1 
zer0day.ru
Details Domain 1 
pool.zer0day.com
Details Domain 30 
init.sh
Details Domain 2 
crontab.sh
Details File 2 
nvidia.exe
Details IPv4 6 
127.1.1.1
Details IPv4 1442 
127.0.0.1