SIEM agent used in SilentCryptoMiner attacks
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter, Event Triggered Execution, Masquerading, Obfuscated Files Or Information, Process Injection, Resource Hijacking, Scheduled Task/Job, Stage Capabilities
maec-delivery-vectors: Watering Hole
attack-pattern:
  Software Discovery - T1418
  Autohotkey & Autoit - T1059.010
  Command And Scripting Interpreter - T1623
  Command Obfuscation - T1027.010
  Disable Or Modify Tools - T1562.001
  Disable Or Modify Tools - T1629.003
  Embedded Payloads - T1027.009
  Event Triggered Execution - T1624
  Event Triggered Execution - T1546
  Exfiltration Over C2 Channel - T1646
  Hidden Files And Directories - T1564.001
  Hide Artifacts - T1628
  Hide Artifacts - T1564
  Image File Execution Options Injection - T1546.012
  Impair Defenses - T1562
  Impair Defenses - T1629
  Malicious File - T1204.002
  Malicious Link - T1204.001
  Masquerade File Type - T1036.008
  Masquerading - T1655
  Obfuscated Files Or Information - T1406
  System Information Discovery - T1426
  Process Injection - T1631
  Resource Hijacking - T1496
  Scheduled Task - T1053.005
  Scheduled Task/Job - T1603
  Screen Capture - T1513
  Security Software Discovery - T1418.001
  Security Software Discovery - T1518.001
  Seo Poisoning - T1608.006
  Software Discovery - T1518
  Stage Capabilities - T1608
  Windows Command Shell - T1059.003
  Visual Basic - T1059.005
  Virtualization/Sandbox Evasion - T1497
  Windows Management Instrumentation Event Subscription - T1546.003
  Upload Malware - T1608.001
  Virtualization/Sandbox Evasion - T1633
  Command-Line Interface - T1059
  Exfiltration Over Command And Control Channel - T1041
  Hidden Files And Directories - T1158
  Image File Execution Options Injection - T1183
  Masquerading - T1036
  Obfuscated Files Or Information - T1027
  Process Injection - T1055
  Scheduled Task - T1053
  Screen Capture - T1113
  Security Software Discovery - T1063
  System Information Discovery - T1082
  System Owner/User Discovery - T1033
  Windows Management Instrumentation Event Subscription - T1084
  User Execution - T1204
  Masquerading
  Screen Capture
  User Execution
Common Information
Type                             Value
UUID                             6c43843d-5963-4bca-a465-150181b76563
Fingerprint                      7b8c3efb6386f84b
Analysis status                  DONE
Considered CTI value             2
Text language
Published                        Oct. 4, 2024, 11 a.m.
Added to db                      Oct. 4, 2024, 11:12 a.m.
Last updated                     Nov. 17, 2024, 7:44 p.m.
Headline                         Threat event management system
Title                            SIEM agent used in SilentCryptoMiner attacks
Detected Hints/Tags/Attributes   90/3/100
RSS Feed
Id   Enabled  Feed title  Url                          Added to db
224           Securelist  https://securelist.ru/feed/  2024-08-30 22:08
Attributes
Type                      #Events  Value
Domain                    3        sportjump.ru
Domain                    2        trojan.bat.miner.id
Domain                    4        excel-ms.github.io
Domain                    3        ms-excel.zip
Domain                    2        utorrent-client.github.io
Domain                    2        gta-5rp.github.io
Domain                    2        gtarp.zip
Domain                    3        mssg.me
Domain                    47       linktr.ee
Domain                    2        nyaera.ru
Domain                    2        utorrent.zip
Domain                    4127     github.com
Domain                    291      raw.githubusercontent.com
Domain                    4        install.zip
Domain                    3        gamesjumpers.com
Domain                    3        gamejump.site
Domain                    2        alljump.ru
Domain                    358      pastebin.com
Domain                    11       rentry.co
File                      5        libssl-1_1.dll
File                      69       vcruntime140.dll
File                      12       libcrypto-1_1.dll
File                      7        startmenuexperiencehost.exe
File                      3        shellext.dll
File                      3        utshellext.dll
File                      2        nun.bat
File                      2        c:\programdata\insta.bat
File                      2        c:\programdata\oedist\kun.bat
File                      2        c:\programdata\redist\oun.bat
File                      2        c:\programdata\uedist\eun.bat
File                      2        c:\programdata\jedist\qun.bat
File                      2125     cmd.exe
File                      2        insta.bat
File                      1260     explorer.exe
File                      48       trojan.bat
File                      20       trojan.vbs
File                      2        ms-excel.zip
File                      2        gtarp.zip
File                      2        utorrent.zip
File                      45       1.zip
File                      4        install.zip
md5                       2        b5b323679524d52e4c058b1a3dd8dee7
md5                       2        4efa8ca01d7c566ff1b72f4ebf57cf2c
md5                       2        10f888a9aa8082651adeff4790675fd5
md5                       2        30dd26075a5ca7a4861e9214a99d0495
md5                       2        60efc41c30fd9ab438e88c6011df5c38
md5                       2        961fa114e9eb92016977940f7c97cdd9
md5                       2        1457e18b453d8cefc34047e1b0fbf76f
md5                       2        284418b6a9c70cc30ef14df3a87c24da
md5                       2        5788631016d8bc495f4f2614f9a7bbe0
md5                       2        a9bc00e5e8a17df95bd5b8c289a12b31
md5                       2        a9bd813679517c846dcf36454baa6170
md5                       2        a99f3f8736d7d3001aa5eb6202123948
md5                       2        a802ce130be6546b76d4b54f72d14645
md5                       2        ae9e83d1031462cb5e58b4525036670c
md5                       2        b25f9490f6d80f9de5a9c02cc344f9f9
md5                       2        cffc70e4fb7363024fcc3590755fa846
md5                       2        e9154a7613a8f8baf67ec3b696c9cb12
md5                       2        f213f94729b294c01a0df21800c4e395
md5                       2        2e68f4438ce59c868af01b535c98060d
md5                       2        839471243f9c4a294c42fabf636f7cad
md5                       2        4b0d76262dd82985d330b02190a880c0
md5                       2        1a5d955be79046a3288b869e44e87404
md5                       2        f8342fd3e32dcf9832dff3e923ef530b
md5                       2        20b6ac10f657963245940c9bcd25a346
md5                       2        33c7c22e33e134ec3ddfc6be8ee1f1ee
md5                       2        2e4146c1a93c0bfe0f4e9ea53b8da7ee
md5                       2        827eca9ec457f3c5180f602832f44955
md5                       2        e3b6142df6a7c73a99736082fbae2fa6
md5                       2        4bdcbc7ec1929d9b1ebcc4d01d605b05
md5                       2        0da6e1036ca5d8231ee94a4db8c48728
md5                       2        098872e9e39bd4cd0e4debd4b397b555
md5                       2        0305f8a9dee464f56023411e7b0924df
md5                       2        be8b6452aa874904f116f9b7cdfe343b
md5                       2        6c0416f719ceca15f9e9c4f210c64fb0
md5                       2        25b90fa3b21875157c6f33b7e1b6e8d7
md5                       2        14b7429205955056f1763553f82fe244
MITRE ATT&CK Techniques   12       T1608.006
MITRE ATT&CK Techniques   49       T1608.001
MITRE ATT&CK Techniques   106      T1204.001
MITRE ATT&CK Techniques   365      T1204.002
MITRE ATT&CK Techniques   2        T1059.010
MITRE ATT&CK Techniques   333      T1059.003
MITRE ATT&CK Techniques   137      T1059.005
MITRE ATT&CK Techniques   13       T1546.012
MITRE ATT&CK Techniques   22       T1546.003
MITRE ATT&CK Techniques   275      T1053.005
MITRE ATT&CK Techniques   440      T1055
MITRE ATT&CK Techniques   298      T1562.001
MITRE ATT&CK Techniques   238      T1497
MITRE ATT&CK Techniques   40       T1027.009
MITRE ATT&CK Techniques   25       T1027.010
MITRE ATT&CK Techniques   21       T1036.008
MITRE ATT&CK Techniques   94       T1564.001
MITRE ATT&CK Techniques   141      T1518.001
MITRE ATT&CK Techniques   230      T1033
MITRE ATT&CK Techniques   1006     T1082
MITRE ATT&CK Techniques   219      T1113
MITRE ATT&CK Techniques   107      T1496
MITRE ATT&CK Techniques   422      T1041