New Threat Alert: Krane Malware
Tags
| country: | Romania |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Direct Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 68a3daf6-7f3c-4e3f-8bfe-18ca40b7675b |
| Fingerprint | 2c83080b2d175e8e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 12, 2021, 12:17 p.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:31 p.m. |
| Headline | UNKNOWN |
| Title | New Threat Alert: Krane Malware |
| Detected Hints/Tags/Attributes | 70/3/91 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://cujo.com/threat-alert-krane-malware/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 8 | AS53667 |
|
| Details | Domain | 1 | smtp21.dsfdsaonline.com |
|
| Details | Domain | 1 | chenximiao.ml |
|
| Details | Domain | 1 | soen390.alan.ly |
|
| Details | Domain | 29 | urlhaus.abuse.ch |
|
| Details | Domain | 27 | script.sh |
|
| Details | Domain | 12 | pool.hashvault.pro |
|
| Details | Domain | 1 | ro4drunner.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 1 | krane.ddns.net |
|
| Details | File | 153 | config.json |
|
| Details | File | 1 | clase.txt |
|
| Details | File | 1 | k_config.json |
|
| Details | File | 1 | passfile.txt |
|
| Details | File | 1 | send_vuln.py |
|
| Details | File | 1 | mfu.txt |
|
| Details | File | 1 | banner.log |
|
| Details | File | 1 | prinse.txt |
|
| Details | File | 4 | scan.log |
|
| Details | sha256 | 1 | 03c04220db8287fcc0f016e2f69929a582cb038e6e2c9626b1db608299b9511d |
|
| Details | sha256 | 1 | 04f7da06d4176f6d3f14d2abd9e8dbaa2b31821c8bd602bd3f458436a8ac74aa |
|
| Details | sha256 | 1 | 09fc3d56722a2d7345bdc6ce475549a2a78b006fbbf366a024c5d300ab8c2266 |
|
| Details | sha256 | 1 | 0d79493b35cc4198aa41c4efecef69dadd1360cbae5ecef21b43f6879e3a927a |
|
| Details | sha256 | 1 | 1011a5e837aa216725292bf05ec03774fa6d981cae7bf5ee882e882cb65d0c8c |
|
| Details | sha256 | 1 | 130557a083326e8fc588f05b12d782bb5530e5289b7ceca0f03c557156ca035b |
|
| Details | sha256 | 1 | 135a661475b6122a879ab9f9e62ed92f8c46fd07a63aacc6b6b16156034ba7d7 |
|
| Details | sha256 | 1 | 16d80cb55df5f3a8ed8161d0b301af2a1d437c6c657605b41884a95005a4b483 |
|
| Details | sha256 | 1 | 18fbe2bc23a4d39bac95c09c0cfad3f439a15d6b9eb61747e0289b2df9ad992c |
|
| Details | sha256 | 1 | 1d0db9e4094fe635cf13ba1628ed0dbd96e97967cc9fd874fdf890d8dc87d983 |
|
| Details | sha256 | 1 | 1e822c861e9482033696aa58e64e2f89dc7b3f46bf5f22c0ddb42e0fa0d5301c |
|
| Details | sha256 | 1 | 205a70982a62b7155587d425407c968b962d6118e8517bb582ed5bef9a39e6b8 |
|
| Details | sha256 | 1 | 2ede344e0415193d41b90d3cdfbf8558c307d8b8182464dfe15655ea1f88eab0 |
|
| Details | sha256 | 4 | 2ef26484ec9e70f9ba9273a9a7333af195fb35d410baf19055eacbfa157ef251 |
|
| Details | sha256 | 1 | 3808f86fa9f1f9f0af5f6243f90d32bd6b3dbb7db228ef7ea2fdba346fbbdaa0 |
|
| Details | sha256 | 1 | 3c0aee19ccba5a0080b20b198c2c00cc5432cad8bb9875462170bd58419259cf |
|
| Details | sha256 | 1 | 3fa92cfbfb8d9d46c1e837e96825e9a4fbb5b4d214c38ce2cbd286165b6b04b1 |
|
| Details | sha256 | 1 | 4046583b3323b9cfe00f1c9773ca57cd80513f71a07c64ae7f59fea1284571ce |
|
| Details | sha256 | 1 | 4ccd2114fa692db310982cdcc1e9301cdf38c0ccd4f9a05144212ec1d474df11 |
|
| Details | sha256 | 1 | 5015497b3a75125bd6cd5c5956d6c8a30c46b7d0df91eec42219acb4bb327faf |
|
| Details | sha256 | 1 | 588e48eb1bf861a831a31b2dddc56926ba1735910d14795aff320640963b47bd |
|
| Details | sha256 | 1 | 661df0b02e799d3a5bf904ff5a18f79706115c73da84e89153a4e9791b4d8786 |
|
| Details | sha256 | 1 | 6988f670c3cee552792797e7f0aea6e93516bf278b29d3ddce13cedb6c261f3b |
|
| Details | sha256 | 1 | 6bdbaef8537c2764870e24d7d959e19a8ab7db5baa0d0de57aea10d765176073 |
|
| Details | sha256 | 1 | 7bb8676c080c07af8274de5a4bb7db2c0c120e6606764d0186fa71b7026da56b |
|
| Details | sha256 | 1 | 8158664efe2753ba8d9a1d1ac32893779e6068218f6b3d41785264687da54ca6 |
|
| Details | sha256 | 1 | 81984c0cffbae13cf40288487c958dd681b4e69874211e1d29fcb36da23b56f1 |
|
| Details | sha256 | 1 | 84be74c9e48be089222cf5822fe389df25119d93448d7c729773890e80fe009f |
|
| Details | sha256 | 3 | 97093a1ef729cb954b2a63d7ccc304b18d0243e2a77d87bbbb94741a0290d762 |
|
| Details | sha256 | 1 | 9916396a8542dbc006edcf03c643e41e787d4c5f9ad70011d769ebf198fa1e1d |
|
| Details | sha256 | 1 | a07cae8d471a3e19c91b3a1315a5ac32c7984721904bf031aef3562413d8298d |
|
| Details | sha256 | 1 | a181adfe67d5be2137a489d4b859a7d21be69d758e8fcf987ebe7e11ea806e75 |
|
| Details | sha256 | 1 | a96797d948ff00486b39800e1d934eb05a983cd9dec720f5a41ed763b148627e |
|
| Details | sha256 | 1 | aab44120f65bd5f1b518fde2c018a2d2ef228b182eafff9b4d9de5873830fb49 |
|
| Details | sha256 | 1 | b0a8dc79a798be9346f140af648ccd7089cf6a4d88a5961c7c888e5a0c76f8ac |
|
| Details | sha256 | 1 | b12669f63d737ee63c6d3a632e1917d2d89950127aad6fefd6d81b6cc126a69e |
|
| Details | sha256 | 1 | d1a01e023bef1ca08a344de2fa109991757f48a503f8c71225d24557355a285e |
|
| Details | sha256 | 1 | d51e8e059bfbe22997fd0a3639cf4d79e9c5c9a9c6aec260a9d1ee694d57313e |
|
| Details | sha256 | 1 | d7908dfc14ff5a09b8b7c5efb8c35b3b37b1371781ef021302bd7c1936c508cd |
|
| Details | sha256 | 1 | d7e7265705bbb2d45c3c9b0d4a61e0d8f7403f4b1b5e5c10e76ffdc2b4d689de |
|
| Details | sha256 | 1 | dc4eb01933cb16bb027bb50215480c30c39bd3d30b5b8f7b957833bd6381183a |
|
| Details | sha256 | 1 | f33d1e913d3db9d5b6661dd5ab8a678807c8a79eca1eeefd8804e46b32ff46cf |
|
| Details | sha256 | 1 | f642a1980ce3f4756dc8e5bac3a0d7578871294556c2467422ebe1a82338da34 |
|
| Details | sha256 | 1 | f7021bbac761cfa04a9e86e4c7e73afdf9dad2f2f71627d617fab27e46f99942 |
|
| Details | sha256 | 1 | fff403517a09799ec4e4c5b6dc891bb5a614245afa9bd1b59fd5a0e935c15b3c |
|
| Details | IPv4 | 1 | 198.98.52.12 |
|
| Details | IPv4 | 1 | 199.19.226.4 |
|
| Details | IPv4 | 1 | 199.195.252.242 |
|
| Details | IPv4 | 1 | 209.141.40.193 |
|
| Details | IPv4 | 1 | 209.141.47.39 |
|
| Details | IPv4 | 1 | 209.141.55.247 |
|
| Details | IPv4 | 1 | 209.141.51.168 |
|
| Details | IPv4 | 1 | 198.98.56.65 |
|
| Details | IPv4 | 1 | 209.141.57.111 |
|
| Details | IPv4 | 1 | 209.141.32.157 |
|
| Details | IPv4 | 1 | 209.141.32.204 |
|
| Details | IPv4 | 1 | 209.141.54.197 |
|
| Details | IPv4 | 1 | 209.141.58.203 |
|
| Details | IPv4 | 1 | 107.189.2.131 |
|
| Details | IPv4 | 1 | 51.15.118.233 |
|
| Details | IPv4 | 1 | 86.120.247.210 |
|
| Details | IPv4 | 1 | 104.244.78.183 |
|
| Details | IPv4 | 1 | 107.189.13.129 |
|
| Details | IPv4 | 1 | 141.255.153.99 |
|
| Details | IPv4 | 1 | 209.141.43.13 |
|
| Details | IPv4 | 1 | 209.141.54.4 |
|
| Details | Url | 1 | https://urlhaus.abuse.ch/asn/53667 |
|
| Details | Url | 1 | https://twitter.com/dogeiana/status/1420850937577476103 |
|
| Details | Url | 1 | http://ro4drunner.com/.db |
|
| Details | Url | 1 | http://ro4drunner.com/road |
|
| Details | Url | 1 | http://ro4drunner.com/runner |
|
| Details | Url | 1 | http://ro4drunner.com/ssh |