ioc[.]one - OSINT Cyber Threat Intelligence Database

Obfuscated Coinhive shortlink reveals larger mining operation | Malwarebytes Labs

Tags

cmtmf-attack-pattern:	Traffic Distribution
country:	Egypt
maec-delivery-vectors:	Watering Hole
attack-pattern:	Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	419a96bb-2e69-457e-b26d-53311954e746
Fingerprint	6c392d99923b66ef
Analysis status	DONE
Considered CTI value	0
Text language
Published	July 3, 2018, midnight
Added to db	Jan. 18, 2023, 8:35 p.m.
Last updated	Nov. 15, 2024, 1:38 p.m.
Headline	Obfuscated Coinhive shortlink reveals larger mining operation
Title	Obfuscated Coinhive shortlink reveals larger mining operation \| Malwarebytes Labs
Detected Hints/Tags/Attributes	51/4/26

Source URLs

	Redirection	Url
Details	Source	https://blog.malwarebytes.com/threat-analysis/2018/07/obfuscated-coinhive-shortlink-reveals-larger-mining-operation/

URL Provider

Details	Provider	Source level domain
Details	malwarebytes.com	blog.malwarebytes.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	cnhv.co
Details	Domain	154	urlscan.io
Details	Domain	1	cnvh.co
Details	Domain	1	cctvvietnam.com
Details	Domain	1	pixelbedlam.co.uk
Details	Domain	1	valam.in
Details	Domain	1	stemat.pl
Details	Domain	1	whylab.nl
Details	Domain	1	soho-dom.ru
Details	Domain	1	motoir.com
Details	File	1	wzdea.php
Details	File	1	6nfme.php
Details	File	1	z8d6w.php
Details	File	1	dzwfy.php
Details	File	1	1hwnz.php
Details	File	1	ywuul.php
Details	File	1	winsystem.exe
Details	File	1	clock.exe
Details	File	1	netflash.exe
Details	File	1	xxxphoto.exe
Details	File	4	zz1.php
Details	sha256	2	c890d18fe3753a9ea4d026fc713247a9b83070b6fe40539779327501916be031
Details	IPv4	1	5.45.79.15
Details	IPv4	1	37.1.197.121
Details	IPv4	1	5.61.46.146
Details	Url	1	https://cnhv.co/3h2b2