典型挖矿家族系列分析四丨LemonDuck挖矿僵尸网络
Tags
| attack-pattern: | Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 58c704bf-4adc-451a-99a3-86e391ca195a |
| Fingerprint | fbc9e13261c3c139 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 25, 2021, midnight |
| Added to db | July 24, 2023, 2:22 p.m. |
| Last updated | Nov. 17, 2024, 5:55 p.m. |
| Headline | 研究报告 |
| Title | 典型挖矿家族系列分析四丨LemonDuck挖矿僵尸网络 |
| Detected Hints/Tags/Attributes | 9/1/205 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.antiy.cn/research/notice&report/research_report/20230310.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 18 | cve-2017-8464 |
|
| Details | CVE | 63 | cve-2020-0796 |
|
| Details | CVE | 68 | cve-2020-14882 |
|
| Details | CVE | 63 | cve-2017-8570 |
|
| Details | Domain | 2 | pull.update.ackng.com |
|
| Details | Domain | 3 | dl.haqo.net |
|
| Details | Domain | 1 | minicen.ga |
|
| Details | Domain | 6 | beahh.com |
|
| Details | Domain | 3 | haqo.net |
|
| Details | Domain | 1 | dl.hago.net |
|
| Details | Domain | 3 | lplp1.beahh.com |
|
| Details | Domain | 3 | lplp1.abbny.com |
|
| Details | Domain | 1 | lplp1.ackng.net |
|
| Details | Domain | 3 | down.beahh.com |
|
| Details | Domain | 3 | lplp.ackng.com |
|
| Details | Domain | 9 | ackng.com |
|
| Details | Domain | 2 | xr.zip |
|
| Details | Domain | 2 | ttr3p.com |
|
| Details | Domain | 2 | down.bddp.net |
|
| Details | Domain | 4 | down.sqlnetcat.com |
|
| Details | Domain | 1 | hago.net |
|
| Details | Domain | 1 | ii.hago.net |
|
| Details | Domain | 2 | ii.haqo.net |
|
| Details | Domain | 5 | info.abbny.com |
|
| Details | Domain | 2 | info.amynx.com |
|
| Details | Domain | 3 | info.beahh.com |
|
| Details | Domain | 1 | info.hago.ne |
|
| Details | Domain | 2 | info.haqo.net |
|
| Details | Domain | 2 | info.zz3r0.com |
|
| Details | Domain | 2 | log.bddp.net |
|
| Details | Domain | 1 | loop2.hago.net |
|
| Details | Domain | 1 | loop.abbbny.com |
|
| Details | Domain | 1 | loop.haqo.net |
|
| Details | Domain | 4 | oo.beahh.com |
|
| Details | Domain | 1 | oop2.hago.net |
|
| Details | Domain | 1 | oop.abbbny.com |
|
| Details | Domain | 1 | oop.hago.net |
|
| Details | Domain | 3 | abbny.com |
|
| Details | Domain | 6 | estonine.com |
|
| Details | Domain | 6 | pp.abbny.com |
|
| Details | Domain | 1 | ppabbny.com |
|
| Details | Domain | 1 | pslog.estonine.com |
|
| Details | Domain | 2 | amxny.com |
|
| Details | Domain | 8 | amynx.com |
|
| Details | Domain | 5 | awcna.com |
|
| Details | Domain | 8 | netcatkit.com |
|
| Details | Domain | 6 | sqlnetcat.com |
|
| Details | Domain | 3 | tr2q.com |
|
| Details | Domain | 7 | zer9g.com |
|
| Details | Domain | 10 | zz3r0.com |
|
| Details | Domain | 2 | update.bddp.net |
|
| Details | Domain | 5 | bddp.net |
|
| Details | Domain | 1 | wbeahh.com |
|
| Details | File | 1 | 更新横向传播模块ipc和ii.exe |
|
| Details | File | 1 | urgent.doc |
|
| Details | File | 2 | f79cb9d2893b254cc75dfb7f3e454a69.exe |
|
| Details | File | 4 | dl.exe |
|
| Details | File | 5 | dll.exe |
|
| Details | File | 1 | updatedl.exe |
|
| Details | File | 52 | updater.exe |
|
| Details | File | 1 | 附件urgent.doc |
|
| Details | File | 3 | i.png |
|
| Details | File | 2 | d32.dat |
|
| Details | File | 2 | xr.zip |
|
| Details | File | 1 | ins.exe |
|
| Details | File | 2 | u.png |
|
| Details | File | 14 | t.php |
|
| Details | md5 | 1 | f79cb9d2893b254cc75dfb7f3e454a69 |
|
| Details | md5 | 2 | F79CB9D2893B254CC75DFB7F3E454A69 |
|
| Details | md5 | 1 | FB89D40E24F5FF55228C38B2B07B2E77 |
|
| Details | md5 | 1 | 59B18D6146A2AA066F661599C496090D |
|
| Details | md5 | 1 | c90ecc4e12e085c7fbc571d9ba6d00d4 |
|
| Details | md5 | 1 | f21c98d43e678568917dabf121436b74 |
|
| Details | md5 | 1 | 74E2A43B2B7C6E258B3A3FC2516C1235 |
|
| Details | md5 | 1 | 2E9710A4B9CBA3CD11E977AF87570E3B |
|
| Details | md5 | 1 | 30429A24F312153C0EC271CA3FEABF3D |
|
| Details | md5 | 1 | F9144118127FF29D4A49A30B242CEB55 |
|
| Details | md5 | 1 | 1E0DB9FDBC57525A2A5F5B4C69FAC3BB |
|
| Details | md5 | 1 | 5AB6F8CA1F22D88B8EF9A4E39FCA0C03 |
|
| Details | md5 | 1 | D4E2EBCF92CF1B2E759FF7CE1F5688CA |
|
| Details | md5 | 1 | 32653B2C277F18779C568A1E45CACC0F |
|
| Details | md5 | 1 | AB1C947C0C707C0E0486D25D0AE58148 |
|
| Details | md5 | 1 | BC26FD7A0B7FE005E116F5FF2227EA4D |
|
| Details | md5 | 1 | A4B7940B3D6B03269194F728610784D6 |
|
| Details | md5 | 1 | 85013CC5D7A6DB3BCEE3F6B787BAF957 |
|
| Details | md5 | 1 | 667A3848B411AF0B6C944D47B559150F |
|
| Details | md5 | 1 | 0A4DCD170708F785F314C16797BAADDB |
|
| Details | md5 | 1 | DEF0E980D7C2A59B52D0C644A6E40763 |
|
| Details | md5 | 1 | 23196DE0EDE25FB9659713FA6799F455 |
|
| Details | md5 | 1 | CE924B12FFC55021F5C1BCF308F29704 |
|
| Details | md5 | 1 | 2FBCE2ECF670EB186C6E3E5886056312 |
|
| Details | md5 | 1 | E05827E44D487D1782A32386123193EF |
|
| Details | md5 | 1 | 66EA09330BEE7239FCB11A911F8E8EA3 |
|
| Details | md5 | 1 | 47064F56C84D674AB1935186A365219F |
|
| Details | md5 | 1 | 8A2042827A7FCD901510E9A21C9565A8 |
|
| Details | md5 | 1 | FA13FD1BB0A2FAAC06CB94592DD6BB1B |
|
| Details | md5 | 1 | 6D444144D8E7A07CBA1FD5B042A49012 |
|
| Details | md5 | 1 | C90ECC4E12E085C7FBC571D9BA6D00D4 |
|
| Details | md5 | 1 | F21C98D43E678568917DABF121436B74 |
|
| Details | md5 | 1 | 6AA4DE709246FB080C621A6D3E7F9360 |
|
| Details | md5 | 1 | DEBE7B1929D4AD269DD8C4B159ABD269 |
|
| Details | md5 | 1 | AE0AC43FEBAD2AC885E3F8A020A2103E |
|
| Details | md5 | 1 | 07DD4357A22AF86CC73710239E7DBC07 |
|
| Details | md5 | 1 | 4EC29049AC81521C37DAD2DA6754D6A3 |
|
| Details | md5 | 1 | FFEB6DC402F37542889AE2D17B0EDDF2 |
|
| Details | md5 | 1 | F1BF55BA24D1A05E80A7CA1D6774AB3D |
|
| Details | md5 | 1 | 9ABFFFAF7A4877C9187C3F8A6E59B065 |
|
| Details | md5 | 1 | F19D9A77C3F6F07E43F5822F9A796104 |
|
| Details | md5 | 1 | 8516C4592D8DE8B25DF3A5E9AEFF12E0 |
|
| Details | md5 | 1 | 8EC31DD982FA038D99FBBBDDFCEB044C |
|
| Details | md5 | 1 | 556D5B9FCA78386C15EC59B2E9105E60 |
|
| Details | md5 | 1 | 43255582721DC0A0796491FE91851630 |
|
| Details | md5 | 1 | 76E47B53D5D57D7595EF687E9AE92891 |
|
| Details | md5 | 1 | 3380700C5D87F1F0538DC506FB464FFC |
|
| Details | md5 | 1 | 2E2E3ABC4BEB42ED902C4AB820C18AF6 |
|
| Details | md5 | 1 | 98BF04D3D6E25C0CAC4AC6AF604BCDBF |
|
| Details | md5 | 1 | D4C35DA00EF1122401DF0FB2B0EA782B |
|
| Details | md5 | 1 | 4764ADA8BD0665B7EDA593B81DF116E2 |
|
| Details | md5 | 1 | 3A6714003C362564145108E354F52F39 |
|
| Details | md5 | 1 | 300967F8E0C01600742CBD4D15844EF0 |
|
| Details | md5 | 1 | BBCBEC1A0671B3D67929B628E433A8D5 |
|
| Details | md5 | 1 | F444A893A14510684A6490B6748772EF |
|
| Details | md5 | 1 | E6AE2AEF792D3064A24BF7CF935439D8 |
|
| Details | md5 | 1 | 9D00CCCBB3B73171BF58FE66BF7DAFF7 |
|
| Details | md5 | 1 | C08080797A5DA1D05CDBA5760B30B2C1 |
|
| Details | md5 | 1 | 6965AA9A1EE2B04496D89A6BBCDB37FF |
|
| Details | md5 | 1 | 7C029C86CA1ABA2D269BC5C43418CC75 |
|
| Details | md5 | 1 | A3CF8550866FBAAF8D98566243B78758 |
|
| Details | md5 | 1 | E5AE6D154A6BEFC00DEEA0CCB49DC9B8 |
|
| Details | md5 | 1 | 88949E6A329C6B2796DDCC81564CEE1A |
|
| Details | md5 | 1 | E3687C56B8BE535398051405F8221D82 |
|
| Details | md5 | 1 | 7805776504E8A39C2A892D89E2492C12 |
|
| Details | md5 | 1 | CC67B69740C7BD0744ACD3242729CE15 |
|
| Details | md5 | 1 | 99ECCA08236F6CF766D7D8E2CC34EFF6 |
|
| Details | md5 | 1 | 2977084F9CE3E9E2D356ADAF2B5BDCFD |
|
| Details | md5 | 1 | 17703523F5137BC0755A7E4F133FC9D3 |
|
| Details | md5 | 1 | 8B0CB7A0760E022564465E50CE3271BB |
|
| Details | md5 | 1 | 5B3C44B503C7E592E416F68D3924620F |
|
| Details | md5 | 1 | EF3A4697773F84850FE1A086DB8EDFE0 |
|
| Details | md5 | 1 | 8EC20F2CBAD3103697A63D4444E5C062 |
|
| Details | md5 | 1 | AC48B1EA656B7F48C34E66D8E8D84537 |
|
| Details | md5 | 1 | D61D88B99C628179FA7CF9F2A310B4FB |
|
| Details | md5 | 1 | F944742B01606605A55C1D55C469F0C9 |
|
| Details | md5 | 1 | ABD6F640423A9BF018853A2B40111F76 |
|
| Details | md5 | 1 | 57812BDE13F512F918A0096AD3E38A07 |
|
| Details | md5 | 1 | D8E643C74996BF3C88325067A8FC9D78 |
|
| Details | md5 | 1 | 125A6199FD32FAFEC11F812358E814F2 |
|
| Details | md5 | 1 | FB880DC73E4DB0A43BE8A68EA443BFE1 |
|
| Details | md5 | 1 | 8D46DBE92242A4FDE2EA29CC277CCA3F |
|
| Details | md5 | 1 | 48FBE4B6C9A8EFC11F256BDA33F03460 |
|
| Details | md5 | 1 | 98F48F31006BE66A8E07B0AB189B6D02 |
|
| Details | md5 | 1 | 6BB4E93D29E8B78E515653426929C824 |
|
| Details | md5 | 1 | E009720BD4BA5A83C4B0080EB3AEA1FB |
|
| Details | md5 | 1 | 092478F1E16CBDDB48AFC3EECAF6BE68 |
|
| Details | md5 | 1 | CA717602F0700FABA6D2FE014C9E6A8C |
|
| Details | md5 | 1 | 888DC1CA4B18A3D424498244ACF81F7D |
|
| Details | md5 | 1 | C21CAA84B327262F2CBCC12BBB510D15 |
|
| Details | md5 | 1 | E04ACEC7AB98362D87D1C53D84FC4B03 |
|
| Details | md5 | 1 | E49367B9E942CF2B891F60E53083C938 |
|
| Details | md5 | 1 | B204EAD0DCC9CA1053A1F26628725850 |
|
| Details | md5 | 1 | B6F0E01C9E2676333490A750E58D4464 |
|
| Details | md5 | 1 | 95ADF923BA32CC5004277867181680C8 |
|
| Details | md5 | 1 | 31CE6662BE59CA4C01C1730BC7150F19 |
|
| Details | md5 | 1 | 55F0DD8C306DB9FC8B9E45705CD66598 |
|
| Details | md5 | 1 | C17CDEE1AFDC272A46B1CF25C1F44DCC |
|
| Details | md5 | 1 | 24C4149468926BEDCB41F50AC88B40F3 |
|
| Details | md5 | 1 | 3162E619F8EB49F4DD6B48CB09075E10 |
|
| Details | md5 | 1 | 94838EDD7470271386153D3B89FE6A6C |
|
| Details | md5 | 1 | E561003B347F391EEC44759DE1DA5EBF |
|
| Details | md5 | 1 | FF75C064248579F4BDABEC6D6DBA89D6 |
|
| Details | md5 | 1 | 2AE7F2F4F0B114ED074BA191ACF1665A |
|
| Details | md5 | 1 | B1BB11AEF730C4B0D2C2C94FDBF2A823 |
|
| Details | md5 | 1 | A8BF439DFC1391D5124D4CCCBD6C7664 |
|
| Details | md5 | 1 | 4D93C29622E285E068B613EF114517FD |
|
| Details | md5 | 1 | 46B1DA47A20AFAA11207A493EBFBD090 |
|
| Details | md5 | 1 | E47495DA1B30BDA0E42089CA6FC07B62 |
|
| Details | md5 | 1 | 3C4C0E75810C0FDAE2B0162B42FE04A0 |
|
| Details | md5 | 1 | 5BB6F5AF311C3A5576379874FC193EF3 |
|
| Details | md5 | 1 | E5B8744C220D703F9A0E43F3A202C785 |
|
| Details | md5 | 1 | 4001BA98A424FDB63047A23AF97EC590 |
|
| Details | md5 | 1 | A921B532D5D239E4A2E71E5F853195CD |
|
| Details | md5 | 1 | CFCFC563F33CB2E96F2FF51F6F603FA3 |
|
| Details | IPv4 | 1 | 172.104.73.9 |
|
| Details | IPv4 | 1 | 120.52.51.13 |
|
| Details | IPv4 | 1 | 172.105.204.237 |
|
| Details | IPv4 | 2 | 216.250.99.49 |
|
| Details | Url | 1 | http://pull.update.ackng.com/ziptool/pullexecute/f79cb9d2893b254cc75dfb7f3e454a69.exe |
|
| Details | Url | 2 | http://dl.haqo.net/dl.exe |
|
| Details | Url | 1 | http://172.104.73.9/dll.exe、hxxp://dl.haqo.net/updatedl.exe |
|
| Details | Url | 1 | http://120.52.51.13/dl.haqo.net/dl.exe |
|
| Details | Url | 1 | http://dl.haqo.net/dll.exe?fr=xx、hxxp://dl.haqo.net/updater.exe?id=xxxxx |
|
| Details | Url | 1 | http://r.minicen.ga/r?p |
|
| Details | Url | 3 | http://v.beahh.com/v |
|
| Details | Url | 1 | http://v.beahh.com/wm?smb |
|
| Details | Url | 1 | http://i.haqo.net/i.png获取 |
|
| Details | Url | 1 | http://dl.hago.net/xmrig-64_1.mlz |
|
| Details | Url | 1 | http://dl.hago.net/xmrig-32_1.mlz |
|
| Details | Url | 1 | http://down.beahh.com/d32.dat |
|
| Details | Url | 2 | http://d.ackng.com/ln/xr.zip |
|
| Details | Url | 1 | http://dl.haqo.net/updater.exe?id=yuefmigojqcn&guid=3b885dd9 |
|
| Details | Url | 1 | http://dl.haqo.net/ins.exez?id=rzcsyote&guid=3b885dd9 |
|
| Details | Url | 1 | http://dl.haqo.net/stak.mlz?id=dgsj |
|
| Details | Url | 1 | http://pp.abbny.com/u.png?id=cicadc&guid=c9414d56 |
|
| Details | Url | 1 | http://oo.beahh.com/u.png?_t=1669015209&bit=32&guid=3980a6ba |
|
| Details | Url | 1 | http://oo.beahh.com/t.php?id=walker |