Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage
Common Information
Type                            Value
UUID                            5fa38596-0368-4eca-a8a0-8f59827258f7
Fingerprint                     83bd09d4c5f7cb8f
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       Sept. 21, 2021, midnight
Added to db                     Oct. 15, 2024, 3:16 p.m.
Last updated                    Nov. 17, 2024, 6:56 p.m.
Headline                        Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage
Title                           Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage
Detected Hints/Tags/Attributes  82/2/81
Source URLs
Redirection Url
Source https://www.trendmicro.com/en_ph/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_hk/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_id/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_nl/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_ae/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_be/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_gb/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_ie/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_no/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_th/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_ca/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_se/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Source https://www.trendmicro.com/en_fi/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Attributes
Type                     #Events  CTI Value  Value
CVE                      80                  cve-2021-26084
CVE                      68                  cve-2020-14882
CVE                      17                  cve-2015-1427
Domain                   11                  backdoor.java
Domain                   49                  trojan.sh
Domain                   358                 pastebin.com
Domain                   2                   zgpay.cc
Domain                   2                   kwork.sh
Domain                   291                 raw.githubusercontent.com
File                     48                  trojan.bat
File                     38                  trojan.ps1
File                     2                   vmicvguestvs.dll
File                     2                   ok.bat
File                     15                  clean.bat
File                     8                   error.jsp
File                     2                   uninstall.bat
File                     12                  backdoor.java
File                     2                   wxm.exe
File                     2                   network02.exe
File                     7                   sys.ps1
File                     2                   oracleservice.exe
File                     153                 config.json
File                     23                  xmrig.exe
File                     3                   eth.jpg
File                     36                  1.jpg
File                     61                  1.bat
File                     2                   vmicguestvs.dll
File                     9                   x.bat
Github username          2                   alreadyhave
sha256                   2                   49f3d06419d9578551e584515f44b2ee714e1eef96b94e68ea957f2943deca5a
sha256                   2                   cb339d08c0ad7c4d07b06cae5d7eae032fb1bb1178d80b2a1997a8b8257b5bea
sha256                   3                   0663d70411a20340f184ae3b47138b33ac398c800920e4d976ae609b60522b01
sha256                   2                   a5604893608cf08b7cbfb92d1cac20868808218b3cc453ca86da0abaeadc0537
sha256                   2                   f176d69f18cde008f1998841c343c3e5d4337b495132232507a712902a0aec5e
sha256                   1                   4a2fbe904e4665939d8517c48fb3d5cb67e9b1482195c41fe31396318118cfc8
sha256                   2                   e9ba929949c7ea764a298e33af1107ff6feefe884cabf6254ff574efff8a2e40
sha256                   2                   7d8b52e263bc548891c1623695bac7fb21dab112e43fffb515447a5cc709ac89
IPv4                     2                   213.152.165.29
IPv4                     7                   27.1.1.34
IPv4                     7                   209.141.40.190
IPv4                     4                   222.122.47.27
IPv4                     3                   164.52.212.196
IPv4                     2                   66.42.117.168
IPv4                     3                   172.96.249.219
MITRE ATT&CK Techniques  174                 T1569.002
MITRE ATT&CK Techniques  275                 T1053.005
MITRE ATT&CK Techniques  180                 T1543.003
MITRE ATT&CK Techniques  550                 T1112
MITRE ATT&CK Techniques  197                 T1489
MITRE ATT&CK Techniques  298                 T1562.001
MITRE ATT&CK Techniques  57                  T1036.004
MITRE ATT&CK Techniques  297                 T1070.004
MITRE ATT&CK Techniques  230                 T1033
MITRE ATT&CK Techniques  119                 T1049
MITRE ATT&CK Techniques  32                  T1069.001
MITRE ATT&CK Techniques  74                  T1069.002
MITRE ATT&CK Techniques  1006                T1082
MITRE ATT&CK Techniques  179                 T1087
MITRE ATT&CK Techniques  72                  T1087.001
MITRE ATT&CK Techniques  99                  T1087.002
MITRE ATT&CK Techniques  86                  T1124
MITRE ATT&CK Techniques  107                 T1496
Url                      2                   http://213.152.165.29/x.bat
Url                      2                   http://213.152.165.29/uninstall.bat
Url                      2                   http://213.152.165.29/vmicguestvs.dll
Url                      3                   http://27.1.1.34:8080/docs/s/sys.ps1
Url                      2                   http://209.141.40.190/oracleservice.exe
Url                      2                   http://209.141.40.190/wxm.exe
Url                      4                   http://27.1.1.34:8080/docs/s/config.json
Url                      3                   http://27.1.1.34:8080/examples/clean.bat
Url                      3                   http://222.122.47.27:2143/auth/xmrig.exe
Url                      2                   http://pastebin.com/raw/bcfqddxx
Url                      2                   http://pastebin.com/raw/g93wwhkr
Url                      2                   http://164.52.212.196:88/eth.jpg
Url                      2                   http://66.42.117.168/bootcore_jsp
Url                      2                   http://164.52.212.196:88/1.jpg
Url                      5                   http://209.141.40.190/xms
Url                      3                   http://172.96.249.219:88/.jpg
Url                      2                   http://172.96.249.219:88/1.jpg
Url                      2                   https://zgpay.cc/css/kwork.sh
Url                      2                   https://raw.githubusercontent.com/alreadyhave/thinkabout/main/kwork.sh
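The indicator list above turned into a matcher, as an added example that is neither this page's nor Trend Micro's code: it copies the URL, IPv4 and SHA-256 indicators from the Attributes table and runs them over constructed proxy-log lines and a constructed hash manifest. The log format, the client addresses, the manifest file names, and the choice to match pastebin.com and raw.githubusercontent.com only on the full URL (they are shared services, so a host-level match would be noise) are assumptions made for the example, not facts from the page.

```python
"""Match the z0Miner indicators listed on this page against log data.

Added example: not code from the page's source (Trend Micro) nor from the
CTI aggregator. The indicator sets are copied from the Attributes table;
the proxy-log lines and hash manifest further down are constructed input.
"""
import re
from urllib.parse import urlsplit

# Network indicators copied from the page (URLs, then the IPv4 addresses).
IOC_URLS = {
    "http://213.152.165.29/x.bat", "http://213.152.165.29/uninstall.bat",
    "http://213.152.165.29/vmicguestvs.dll", "http://27.1.1.34:8080/docs/s/sys.ps1",
    "http://27.1.1.34:8080/docs/s/config.json", "http://27.1.1.34:8080/examples/clean.bat",
    "http://209.141.40.190/oracleservice.exe", "http://209.141.40.190/wxm.exe",
    "http://209.141.40.190/xms", "http://222.122.47.27:2143/auth/xmrig.exe",
    "http://164.52.212.196:88/eth.jpg", "http://164.52.212.196:88/1.jpg",
    "http://172.96.249.219:88/.jpg", "http://172.96.249.219:88/1.jpg",
    "http://66.42.117.168/bootcore_jsp", "http://pastebin.com/raw/bcfqddxx",
    "http://pastebin.com/raw/g93wwhkr", "https://zgpay.cc/css/kwork.sh",
    "https://raw.githubusercontent.com/alreadyhave/thinkabout/main/kwork.sh",
}
IOC_IPS = {"213.152.165.29", "27.1.1.34", "209.141.40.190", "222.122.47.27",
           "164.52.212.196", "66.42.117.168", "172.96.249.219"}
# Hosts flagged on their own: the listed IPs plus zgpay.cc. pastebin.com and
# raw.githubusercontent.com are also on the page but are shared services, so
# (assumption made for this example) they only match on the full URL.
HOST_IOCS = IOC_IPS | {"zgpay.cc"}
IOC_SHA256 = {
    "49f3d06419d9578551e584515f44b2ee714e1eef96b94e68ea957f2943deca5a",
    "cb339d08c0ad7c4d07b06cae5d7eae032fb1bb1178d80b2a1997a8b8257b5bea",
    "0663d70411a20340f184ae3b47138b33ac398c800920e4d976ae609b60522b01",
    "a5604893608cf08b7cbfb92d1cac20868808218b3cc453ca86da0abaeadc0537",
    "f176d69f18cde008f1998841c343c3e5d4337b495132232507a712902a0aec5e",
    "4a2fbe904e4665939d8517c48fb3d5cb67e9b1482195c41fe31396318118cfc8",
    "e9ba929949c7ea764a298e33af1107ff6feefe884cabf6254ff574efff8a2e40",
    "7d8b52e263bc548891c1623695bac7fb21dab112e43fffb515447a5cc709ac89",
}

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_url(url: str) -> str:
    """Canonical form for comparison: lowercase scheme and host, drop a
    default port, keep path and query as-is (paths are case-sensitive)."""
    p = urlsplit(url.strip())
    host = (p.hostname or "").lower()
    port = p.port
    netloc = host if port in (None, DEFAULT_PORTS.get(p.scheme)) else f"{host}:{port}"
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme}://{netloc}{p.path or '/'}{query}"

IOC_URLS_NORM = {normalize_url(u) for u in IOC_URLS}

def _host_and_url(target: str):
    """CONNECT targets are bare host:port with no scheme: host only, no URL."""
    if "://" in target:
        norm = normalize_url(target)
        return urlsplit(norm).hostname or "", norm
    return target.rsplit(":", 1)[0].lower(), None

# Constructed proxy-log format: timestamp client method target status
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")

def scan_proxy_log(lines):
    """Return (line_no, client, kind, indicator) per hit. A full-URL match
    takes precedence over a host-only match on the same line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        client, target = m.group(2), m.group(4)
        host, url = _host_and_url(target)
        if url in IOC_URLS_NORM:
            hits.append((n, client, "url", url))
        elif host in HOST_IOCS:
            hits.append((n, client, "host", host))
    return hits

def scan_hash_manifest(lines):
    """Lines of '<sha256> <path>'; digests are compared case-insensitively."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split(maxsplit=1)
        if len(parts) == 2 and parts[0].lower() in IOC_SHA256:
            hits.append((n, parts[1], "sha256", parts[0].lower()))
    return hits

# Constructed sample input (not real telemetry).
SAMPLE_PROXY_LOG = [
    "2021-09-21T10:00:01Z 10.0.0.5 GET http://27.1.1.34:8080/docs/s/sys.ps1 200",
    "2021-09-21T10:00:02Z 10.0.0.5 GET http://213.152.165.29:80/x.bat 200",
    "2021-09-21T10:00:03Z 10.0.0.7 GET http://209.141.40.190/other.txt 404",
    "2021-09-21T10:00:04Z 10.0.0.8 GET https://pastebin.com/raw/abcdefgh 200",
    "2021-09-21T10:00:05Z 10.0.0.8 GET https://example.com/ 200",
    "2021-09-21T10:00:06Z 10.0.0.9 CONNECT 222.122.47.27:2143 200",
]
SAMPLE_MANIFEST = [
    "49f3d06419d9578551e584515f44b2ee714e1eef96b94e68ea957f2943deca5a sample_a.bin",
    "0000000000000000000000000000000000000000000000000000000000000000 sample_b.bin",
    "CB339D08C0AD7C4D07B06CAE5D7EAE032FB1BB1178D80B2A1997A8B8257B5BEA sample_c.bin",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG) + scan_hash_manifest(SAMPLE_MANIFEST):
        print(hit)
```

Running the file prints four proxy hits (two exact URLs, including one that only matches after the explicit `:80` is dropped, and two host-only hits, one of them a CONNECT to 222.122.47.27:2143 with no URL at all) and two hash hits. A host-only hit on one of the listed IPs with an unlisted path is still worth triage on its own, since the same addresses served several of the listed payloads.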