BlackSquid Infects Servers and Drives, 8 Exploits Used
Common Information
Type Value
UUID 5e92433c-0c98-4be1-8d63-4063c4b814dc
Fingerprint e6942c5bc4bb268f
Analysis status DONE
Considered CTI value 2
Text language
Published June 3, 2019, midnight
Added to db Oct. 15, 2024, 5:28 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Detected Hints/Tags/Attributes 67/2/40
Attributes
Type #Events CTI Value
CVE 7 cve-2014-6287
CVE 11 cve-2017-12615
CVE 18 cve-2017-8464
CVE 126 cve-2017-0144
CVE 27 cve-2017-0146
Domain 1 coinminer.win64.toolxmr.as
Domain 1 m9f.oss-cn-beijing.aliyuncs.com
File 2 anubis.exe
File 21 api_log.dll
File 1 cuckoo.exe
File 19 dir_watch.dll
File 11 immunitydebugger.exe
File 40 ollydbg.exe
File 5 ollyice.exe
File 1 sandboxie.exe
File 9 sandboxiedcomlaunch.exe
File 8 sandboxierpcss.exe
File 83 sbiedll.dll
File 3 sbiedrv.sys
File 6 sbiesvc.exe
File 16 sxin.dll
File 11 vboxdrv.sys
File 1 vboxguestadditions.sys
File 1 vboxnetadp.sys
File 1 vboxres.dll
File 1 vboxusb.sys
File 1 vboxusbmon.sys
File 35 windbg.exe
File 2 x64_dbg.exe
File 456 mshta.exe
Url 1 http://m9f.oss-cn-beijing.aliyuncs.com/a.exe
Url 1 http://m9f.oss-cn-beijing.aliyuncs.com/black.hta