To crypt, or to mine – that is the question
Tags
| country: | Germany India Kazakhstan Russia Ukraine |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Software - T1592.002 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 446ca193-287f-4f55-b6ed-024864b43441 |
| Fingerprint | 7c05181fe93f8685 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 5, 2018, 10 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | To crypt, or to mine – that is the question |
| Title | To crypt, or to mine – that is the question |
| Detected Hints/Tags/Attributes | 69/3/318 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 80 | www.adobe.com |
|
| Details | Domain | 2 | content.ie |
|
| Details | Domain | 1 | trojan-downloader.win32.rakhni.pwc |
|
| Details | Domain | 1 | protnex.pw |
|
| Details | Domain | 1 | biserdio.pw |
|
| Details | File | 1 | alive.exe |
|
| Details | File | 1 | filewatcherservice.exe |
|
| Details | File | 1 | ngvmsvc.exe |
|
| Details | File | 8 | sandboxierpcss.exe |
|
| Details | File | 3 | analyzer.exe |
|
| Details | File | 6 | fortitracer.exe |
|
| Details | File | 1 | nsverctl.exe |
|
| Details | File | 6 | sbiectrl.exe |
|
| Details | File | 2 | angar2.exe |
|
| Details | File | 1 | goatcasper.exe |
|
| Details | File | 40 | ollydbg.exe |
|
| Details | File | 6 | sbiesvc.exe |
|
| Details | File | 5 | apimonitor.exe |
|
| Details | File | 1 | goatclientapp.exe |
|
| Details | File | 9 | peid.exe |
|
| Details | File | 2 | scanhost.exe |
|
| Details | File | 4 | apispy.exe |
|
| Details | File | 2 | hiew32.exe |
|
| Details | File | 8 | perl.exe |
|
| Details | File | 3 | scktool.exe |
|
| Details | File | 3 | apispy32.exe |
|
| Details | File | 3 | hookanaapp.exe |
|
| Details | File | 14 | petools.exe |
|
| Details | File | 12 | sdclt.exe |
|
| Details | File | 1 | asura.exe |
|
| Details | File | 5 | hookexplorer.exe |
|
| Details | File | 2 | pexplorer.exe |
|
| Details | File | 1 | sftdcc.exe |
|
| Details | File | 1 | autorepgui.exe |
|
| Details | File | 1 | httplog.exe |
|
| Details | File | 76 | ping.exe |
|
| Details | File | 1 | shutdownmon.exe |
|
| Details | File | 30 | autoruns.exe |
|
| Details | File | 1 | icesword.exe |
|
| Details | File | 5 | pr0c3xp.exe |
|
| Details | File | 2 | sniffhit.exe |
|
| Details | File | 15 | autorunsc.exe |
|
| Details | File | 1 | iclicker-release.exe |
|
| Details | File | 1 | prince.exe |
|
| Details | File | 5 | snoop.exe |
|
| Details | File | 1 | autoscreenshotter.exe |
|
| Details | File | 11 | idag.exe |
|
| Details | File | 1 | procanalyzer.exe |
|
| Details | File | 1 | spkrmon.exe |
|
| Details | File | 1 | avctestsuite.exe |
|
| Details | File | 3 | idag64.exe |
|
| Details | File | 56 | processhacker.exe |
|
| Details | File | 13 | sysanalyzer.exe |
|
| Details | File | 2 | avz.exe |
|
| Details | File | 17 | idaq.exe |
|
| Details | File | 1 | processmemdump.exe |
|
| Details | File | 3 | syser.exe |
|
| Details | File | 3 | behaviordumper.exe |
|
| Details | File | 11 | immunitydebugger.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 5 | systemexplorer.exe |
|
| Details | File | 2 | bindiff.exe |
|
| Details | File | 11 | importrec.exe |
|
| Details | File | 40 | procexp64.exe |
|
| Details | File | 2 | systemexplorerservice.exe |
|
| Details | File | 1 | btptrayicon.exe |
|
| Details | File | 4 | imul.exe |
|
| Details | File | 74 | procmon.exe |
|
| Details | File | 1 | sython.exe |
|
| Details | File | 1 | capturebat.exe |
|
| Details | File | 1 | infoclient.exe |
|
| Details | File | 27 | procmon64.exe |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 8 | cdb.exe |
|
| Details | File | 1 | installrite.exe |
|
| Details | File | 65 | python.exe |
|
| Details | File | 1 | taslogin.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | ipfs.exe |
|
| Details | File | 27 | pythonw.exe |
|
| Details | File | 22 | tcpdump.exe |
|
| Details | File | 2 | clicksharelauncher.exe |
|
| Details | File | 1 | iprosetmonitor.exe |
|
| Details | File | 8 | qq.exe |
|
| Details | File | 29 | tcpview.exe |
|
| Details | File | 1 | closepopup.exe |
|
| Details | File | 1 | iragent.exe |
|
| Details | File | 1 | qqffo.exe |
|
| Details | File | 8 | timeout.exe |
|
| Details | File | 1 | commview.exe |
|
| Details | File | 4 | iris.exe |
|
| Details | File | 6 | qqprotect.exe |
|
| Details | File | 6 | totalcmd.exe |
|
| Details | File | 4 | cports.exe |
|
| Details | File | 19 | joeboxcontrol.exe |
|
| Details | File | 1 | qqsg.exe |
|
| Details | File | 1 | crossfire.exe |
|
| Details | File | 19 | joeboxserver.exe |
|
| Details | File | 1 | raptorclient.exe |
|
| Details | File | 1 | txplatform.exe |
|
| Details | File | 2 | dnf.exe |
|
| Details | File | 1 | lamer.exe |
|
| Details | File | 22 | regmon.exe |
|
| Details | File | 7 | virus.exe |
|
| Details | File | 8 | dsniff.exe |
|
| Details | File | 1 | loghttp.exe |
|
| Details | File | 8 | regshot.exe |
|
| Details | File | 2 | vx.exe |
|
| Details | File | 30 | dumpcap.exe |
|
| Details | File | 17 | lordpe.exe |
|
| Details | File | 1 | repmgr64.exe |
|
| Details | File | 2 | winalysis.exe |
|
| Details | File | 4 | emul.exe |
|
| Details | File | 1 | malmon.exe |
|
| Details | File | 1 | reputils32.exe |
|
| Details | File | 3 | winapioverride32.exe |
|
| Details | File | 17 | ethereal.exe |
|
| Details | File | 1 | mbarun.exe |
|
| Details | File | 5 | repux.exe |
|
| Details | File | 35 | windbg.exe |
|
| Details | File | 15 | ettercap.exe |
|
| Details | File | 1 | mdpmon.exe |
|
| Details | File | 4 | runsample.exe |
|
| Details | File | 22 | windump.exe |
|
| Details | File | 1 | fakehttpserver.exe |
|
| Details | File | 1 | mmr.exe |
|
| Details | File | 4 | samp1e.exe |
|
| Details | File | 3 | winspy.exe |
|
| Details | File | 1 | fakeserver.exe |
|
| Details | File | 41 | sample.exe |
|
| Details | File | 71 | wireshark.exe |
|
| Details | File | 24 | fiddler.exe |
|
| Details | File | 1 | multipot.exe |
|
| Details | File | 2 | sandboxiecrypto.exe |
|
| Details | File | 24 | xxx.exe |
|
| Details | File | 29 | filemon.exe |
|
| Details | File | 3 | netsniffer.exe |
|
| Details | File | 9 | sandboxiedcomlaunch.exe |
|
| Details | File | 86 | service.exe |
|
| Details | File | 3 | vboxogl.dll |
|
| Details | File | 1 | prlcc.exe |
|
| Details | File | 15 | vgauthservice.exe |
|
| Details | File | 14 | vmsrvc.exe |
|
| Details | File | 6 | vmware-tray.exe |
|
| Details | File | 1 | prltools.exe |
|
| Details | File | 26 | vmacthlp.exe |
|
| Details | File | 74 | vmtoolsd.exe |
|
| Details | File | 3 | vmware-usbarbitrator.exe |
|
| Details | File | 3 | sharedintapp.exe |
|
| Details | File | 1 | vmicsvc.exe |
|
| Details | File | 14 | vmusrvc.exe |
|
| Details | File | 5 | vmware-usbarbitrator64.exe |
|
| Details | File | 11 | tpautoconnect.exe |
|
| Details | File | 11 | vmnat.exe |
|
| Details | File | 7 | vmware-authd.exe |
|
| Details | File | 28 | vmwaretray.exe |
|
| Details | File | 5 | tpautoconnsvc.exe |
|
| Details | File | 3 | vmnetdhcp.exe |
|
| Details | File | 1 | vmware-converter-a.exe |
|
| Details | File | 30 | vmwareuser.exe |
|
| Details | File | 42 | vboxservice.exe |
|
| Details | File | 3 | vmount2.exe |
|
| Details | File | 1 | vmware-converter.exe |
|
| Details | File | 9 | xenservice.exe |
|
| Details | File | 44 | vboxtray.exe |
|
| Details | File | 2 | vmremoteguest.exe |
|
| Details | File | 4 | vmware-hostd.exe |
|
| Details | File | 3 | certmgr.exe |
|
| Details | File | 1 | 179mqn7h0c.cer |
|
| Details | File | 62 | taskhost.exe |
|
| Details | File | 2 | 1cv7s.exe |
|
| Details | File | 2 | editor.exe |
|
| Details | File | 20 | mspaint.exe |
|
| Details | File | 2 | soffice.exe |
|
| Details | File | 4 | 1cv8.exe |
|
| Details | File | 4 | phantom.exe |
|
| Details | File | 57 | mysqld.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 2 | 1cv8c.exe |
|
| Details | File | 1 | phantompdf.exe |
|
| Details | File | 1 | nitropdf.exe |
|
| Details | File | 66 | sqlwriter.exe |
|
| Details | File | 3 | 7zfm.exe |
|
| Details | File | 3 | reader.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 1 | stduviewerapp.exe |
|
| Details | File | 6 | acad.exe |
|
| Details | File | 1 | foxitphantom.exe |
|
| Details | File | 173 | outlook.exe |
|
| Details | File | 6 | sumatrapdf.exe |
|
| Details | File | 4 | account.exe |
|
| Details | File | 5 | foxitreader.exe |
|
| Details | File | 1 | pdfmaster.exe |
|
| Details | File | 58 | thebat.exe |
|
| Details | File | 14 | acrobat.exe |
|
| Details | File | 1 | freepdfreader.exe |
|
| Details | File | 1 | pdfxcview.exe |
|
| Details | File | 2 | thebat32.exe |
|
| Details | File | 34 | acrord32.exe |
|
| Details | File | 17 | 8.exe |
|
| Details | File | 1 | pdfxedit.exe |
|
| Details | File | 63 | thunderbird.exe |
|
| Details | File | 1 | architect.exe |
|
| Details | File | 1 | gsmeta.exe |
|
| Details | File | 1 | pgctl.exe |
|
| Details | File | 1 | thunderbirdportable.exe |
|
| Details | File | 1 | bricscad.exe |
|
| Details | File | 1 | hamsterpdfreader.exe |
|
| Details | File | 7 | photoshop.exe |
|
| Details | File | 86 | visio.exe |
|
| Details | File | 1 | bridge.exe |
|
| Details | File | 1 | illustrator.exe |
|
| Details | File | 2 | picasa3.exe |
|
| Details | File | 2 | webmoney.exe |
|
| Details | File | 2 | coreldrw.exe |
|
| Details | File | 1 | indesign.exe |
|
| Details | File | 1 | picasaphotoviewer.exe |
|
| Details | File | 1 | windjview.exe |
|
| Details | File | 1 | corelpp.exe |
|
| Details | File | 1 | iview32.exe |
|
| Details | File | 14 | postgres.exe |
|
| Details | File | 47 | winrar.exe |
|
| Details | File | 199 | excel.exe |
|
| Details | File | 7 | keepass.exe |
|
| Details | File | 92 | powerpnt.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 2 | fbguard.exe |
|
| Details | File | 1 | magnat2.exe |
|
| Details | File | 6 | rdrcef.exe |
|
| Details | File | 2 | wlmail.exe |
|
| Details | File | 2 | fbserver.exe |
|
| Details | File | 91 | msaccess.exe |
|
| Details | File | 1 | smwiz.exe |
|
| Details | File | 90 | wordpad.exe |
|
| Details | File | 1 | fineexec.exe |
|
| Details | File | 15 | msimn.exe |
|
| Details | File | 2 | soffice.bin |
|
| Details | File | 2 | xnview.exe |
|
| Details | File | 119 | avp.exe |
|
| Details | File | 16 | message.txt |
|
| Details | File | 1 | check_updates.vbs |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | 360docprotect.exe |
|
| Details | File | 27 | avgui.exe |
|
| Details | File | 5 | dwservice.exe |
|
| Details | File | 5 | mcuicnt.exe |
|
| Details | File | 1 | 360webshield.exe |
|
| Details | File | 10 | avgwdsvc.exe |
|
| Details | File | 7 | dwwatcher.exe |
|
| Details | File | 3 | mcupdate.exe |
|
| Details | File | 41 | avastsvc.exe |
|
| Details | File | 15 | servicehost.exe |
|
| Details | File | 36 | egui.exe |
|
| Details | File | 1 | protectionutilsurrogate.exe |
|
| Details | File | 41 | avastui.exe |
|
| Details | File | 1 | oe.sys |
|
| Details | File | 11 | tray.exe |
|
| Details | File | 53 | ekrn.exe |
|
| Details | File | 5 | qhactivedefense.exe |
|
| Details | File | 10 | avgcsrva.exe |
|
| Details | File | 6 | kav.exe |
|
| Details | File | 6 | qhsafetray.exe |
|
| Details | File | 1 | avgemca.exe |
|
| Details | File | 11 | avira.sys |
|
| Details | File | 5 | luall.exe |
|
| Details | File | 3 | qhwatchdog.exe |
|
| Details | File | 6 | avgidsagent.exe |
|
| Details | File | 4 | lucomserver.exe |
|
| Details | File | 28 | rtvscan.exe |
|
| Details | File | 1 | avgnsa.exe |
|
| Details | File | 11 | ccapp.exe |
|
| Details | File | 1 | mccspservicehost.exe |
|
| Details | File | 10 | smc.exe |
|
| Details | File | 14 | avgnt.exe |
|
| Details | File | 35 | ccsvchst.exe |
|
| Details | File | 3 | mcpvtray.exe |
|
| Details | File | 3 | smcgui.exe |
|
| Details | File | 1 | avgrsa.exe |
|
| Details | File | 1 | dumpuper.exe |
|
| Details | File | 5 | mcsacore.exe |
|
| Details | File | 8 | spideragent.exe |
|
| Details | File | 8 | avgrsx.exe |
|
| Details | File | 23 | dwengine.exe |
|
| Details | File | 45 | mcshield.exe |
|
| Details | File | 1 | symcorpui.exe |
|
| Details | File | 23 | avguard.exe |
|
| Details | File | 3 | dwnetfilter.exe |
|
| Details | File | 5 | mcsvhost.exe |
|
| Details | File | 14 | msascuil.exe |
|
| Details | File | 2 | list.log |
|
| Details | md5 | 1 | 81C0DEDFA5CB858540D3DF459018172A |
|
| Details | md5 | 1 | F4EC1E3270D62DD4D542F286797877E3 |
|
| Details | md5 | 1 | BFF4503FF1650D8680F8E217E899C8F4 |
|
| Details | md5 | 1 | 96F460D5598269F45BCEAAED81F42E9B |
|
| Details | Url | 1 | http://protnex.pw |
|
| Details | Url | 1 | http://biserdio.pw |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Adobe\DAVersion |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle |
|
| Details | Windows Registry Key | 4 | HKLM\SOFTWARE\Oracle\VirtualBox |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\ControlSet002\Enum\VMBUS |
|
| Details | Windows Registry Key | 1 | HKLM\HARDWARE\ACPI\DSDT\VBOX |
|
| Details | Windows Registry Key | 1 | HKLM\HARDWARE\ACPI\DSDT\VirtualBox |
|
| Details | Windows Registry Key | 1 | HKLM\HARDWARE\ACPI\DSDT\Parallels |
|
| Details | Windows Registry Key | 1 | HKLM\HARDWARE\ACPI\DSDT\PRLS |
|
| Details | Windows Registry Key | 1 | HKLM\HARDWARE\ACPI\DSDT\Virtual |
|
| Details | Windows Registry Key | 1 | HKLM\HARDWARE\ACPI\SDT\AMIBI |
|
| Details | Windows Registry Key | 1 | HKLM\HARDWARE\ACPI\DSDT\VMware |
|
| Details | Windows Registry Key | 1 | HKLM\HARDWARE\ACPI\DSDT\PTLTD |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\SandboxieAutoExec |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\Classes\Folder\shell\sandbox |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\services\Disk\Enum\0 |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName |
|
| Details | Windows Registry Key | 5 | HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
|
| Details | Windows Registry Key | 2 | HKCU\Software\Policies\Microsoft\Windows\Explorer |
|
| Details | Windows Registry Key | 48 | HKLM\Software\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 44 | HKLM\SOFTWARE\Policies\Microsoft\Windows |