ioc[.]one - OSINT Cyber Threat Intelligence Database

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

Tags

country:	Romania
attack-pattern:	Data Model Credentials - T1589.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002 Vulnerabilities - T1588.006 Brute Force - T1110 Sudo - T1169

Show in Graph

Common Information

Type	Value
UUID	3f154365-6699-499c-b913-24d526a28c48
Fingerprint	b5c38cd98d978681
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 14, 2021, midnight
Added to db	Sept. 11, 2022, 12:48 p.m.
Last updated	Nov. 18, 2024, 8:35 a.m.
Headline	How We Tracked a Threat Group Running an Active Cryptojacking Campaign
Title	How We Tracked a Threat Group Running an Active Cryptojacking Campaign
Detected Hints/Tags/Attributes	78/2/60

Source URLs

	Redirection	Url
Details	Source	https://www.bitdefender.com/blog/labs/how-we-tracked-a-threat-group-running-an-active-cryptojacking-campaign

URL Provider

Details	Provider	Source level domain
Details	bitdefender.com	www.bitdefender.com

Attributes

Details	Type	#Events	Value
Details	Domain	3	mexalz.us
Details	Domain	2	find.sh
Details	Domain	2	chernobyl.sh
Details	Domain	2	chernobyltftp1.sh
Details	Domain	2	chernobyltftp2.sh
Details	Domain	2	area17.mexalz.us
Details	Domain	2	cdn.arhive.online
Details	Domain	2	requests.arhive.online
Details	Domain	32	golang.org
Details	Domain	2	developer60-stack.github.io
Details	Domain	2	payload.github.io
Details	Domain	4129	github.com
Details	Domain	7	cracked.to
Details	Domain	56	bitdefender.com
Details	Email	2	draco@bitdefender.com
Details	File	2	jack.tar
Details	File	2	juanito.tar
Details	File	2	kamelot.tar
Details	File	2	satan.db
Details	File	2	scn.tar
Details	File	2	skamelot.tar
Details	File	2	phoenixminer.tar
Details	File	2	ethminer.tar
Details	Github username	2	developer60-stack
Details	sha256	2	d73a1c77783712e67db71cbbaabd8f158bb531d23b74179cda8b8138ba15941e
Details	sha256	2	ed2ae1f0729ef3a26c98b378b5f83e99741b34550fb5f16d60249405a3f0aa33
Details	sha256	2	ef335e12519f17c550bba98be2897d8e700deffdf044e1de5f8c72476c374526
Details	sha256	2	9de853e88ba363b124dfce61bc766f8f42c84340c7bd2f4195808434f4ed81e3
Details	sha256	2	eb0f3d25e1023a408f2d1f5a05bf236a00e8602a84f01e9f9f88ff51f04c8c94
Details	sha256	2	dcc52c4446adba5a61e172b973bca48a45a725a1b21a98dafdf18223ec8eb8b9
Details	sha256	2	99531a7c39e3ea9529f5f43234ca5b23cb7bb82ee54f04eff631f5ca9153e6d4
Details	sha256	2	74a425bcb5eb76851279b420c8da5f57a1f0a99a11770182c356ba3160344846
Details	sha256	2	9f691e132f5a2c9468f58aeac9b7aa5df894d1ad54949f87364d1df2bf005414
Details	sha256	2	f53241f60a59ba20d29fab8c973a5b4c05c24865ae033fffb7cdfa799f0ad25d
Details	sha256	2	275ef26528f36f1af516b0847d90534693d4419db369027b981f77d79f07d357
Details	sha256	2	8beccb10b004308cadad7fa86d6f2ff47c92c95fc557bf05188c283df6942c13
Details	sha256	2	f9ed735b2b8f89f9d8edfc6a8d11a4ee903e153777b33d214c245a02636d7745
Details	sha256	2	23cf4c34f151c622a5818ade68286999ae4db7364b5d9ed7b8ed035c58116179
Details	sha256	2	8dfdbc66ac4a38766ca1cb45f9b50e0f7f91784ad9b6227471469ae5793f6584
Details	sha256	2	f1d4e2d8f63c3b68d56c668aafbf1c82d045814d457c9c83b37115b61c535baa
Details	sha256	2	3078662f56861c98f96f8bc8647ffa70522dbc22cbd7ba91b9c80bc667d2a3a9
Details	sha256	2	2a8298047add78360dc3e6d5ac4a38ddb7a67deebc769b1201895afe39b8c0e1
Details	sha256	2	7bfb35caf3f8760868c2985c4ccf749b14deab63ac6effd653871094fed0d5e5
Details	sha256	2	f6e92eff8887ee28eb56602a3588a3d39ca24a35d9f88fe2551d87dc6ced8913
Details	sha256	2	8bf108ab897a480c44d56088662e592c088939eeb86cccaac6145de35eb3a024
Details	sha256	2	31a88ff5c0888bcbbbd02c1c18108c884ff02fd93a476e738d22b627e24601c0
Details	sha256	2	e89b40a6e781ad80d688d1aa4677151805872b50a08aaf8aa64291456e4d476d
Details	sha256	4	2ef26484ec9e70f9ba9273a9a7333af195fb35d410baf19055eacbfa157ef251
Details	sha256	2	8970d74d96558b280567acdf147bfe289c431d91a150797aa5e3a8e8d52fb27d
Details	sha256	3	9aa8a11a52b21035ef7badb3f709fa9aa7e757788ad6100b4086f1c6a18c8ab2
Details	sha256	2	1275e604a90acc2a0d698dde5e972ff30d4c506eae526c38c5c6aaa6a113f164
Details	sha256	2	977dc6987a12c27878aef5615d2d417b2b518dc2d50d21300bfe1b700071d90e
Details	sha256	2	ccda60378a7f3232067e2d7cd0efe132e7a3f7c6a299e64ceba319c1f93a9aa2
Details	IPv4	2	45.32.112.68
Details	IPv4	2	194.33.45.197
Details	IPv4	2	207.148.118.221
Details	Url	2	http://45.32.112.68/.sherifu/.93joshua
Details	Url	2	http://194.33.45.197:8080/chernobyl/chernobyl.sh
Details	Url	2	https://discord.com/api/webhooks/796089316517347369/zrjsflka7z9c4n9papwijqflmskgk5ijnv9t_z880jhlopkq3oegsbdz4gsx80wwry0g
Details	Url	2	https://discord.com/api/webhooks/845977569446068234/gggoh-5depmltii0oknc8z3b3mgxjzaxovl0r0dbimsp0hnmtiknx_joftlkjtbyrsx