Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 6ca89baf-323b-4e02-86ce-221290206811 |
| Fingerprint | b5009c727cf8adc5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 22, 2024, midnight |
| Added to db | Aug. 31, 2024, 9:32 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Invisible miners: unveiling GHOSTENGINE’s crypto mining operations |
| Title | Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs |
| Detected Hints/Tags/Attributes | 82/2/48 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 306 | ✔ | Elastic Security Labs | https://www.elastic.co/security-labs/rss/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 31 | pool.supportxmr.com |
|
| Details | Domain | 1 | download.yrnvtklot.com |
|
| Details | Domain | 1 | ftp.yrnvtklot.com |
|
| Details | Domain | 1 | online.yrnvtklot.com |
|
| Details | File | 21 | tiworker.exe |
|
| Details | File | 2 | get.png |
|
| Details | File | 1 | clearn.png |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 5 | c:\windows\system32\oci.dll |
|
| Details | File | 1 | c:\users\public\run.bat |
|
| Details | File | 1 | c:\windows\fonts\smartsscreen.exe |
|
| Details | File | 93 | curl.exe |
|
| Details | File | 35 | config.txt |
|
| Details | File | 1 | c:\windows\system32\drivers\aswarpots.sys |
|
| Details | File | 1 | c:\windows\system32\drivers\iobitunlockers.sys |
|
| Details | File | 1 | c:\windows\fonts\curl.exe |
|
| Details | File | 2 | backup.png |
|
| Details | File | 2 | kill.png |
|
| Details | File | 2 | smartsscreen.exe |
|
| Details | File | 2 | aswarpots.sys |
|
| Details | File | 15 | smartscreen.exe |
|
| Details | File | 2 | iobitunlockers.sys |
|
| Details | File | 1 | winring0x64.png |
|
| Details | File | 1 | taskhostw.png |
|
| Details | File | 153 | config.json |
|
| Details | File | 22 | oci.dll |
|
| Details | File | 1 | c:\windows\fonts\taskhostw.exe |
|
| Details | File | 1 | c:\windows\fonts\config.json |
|
| Details | File | 1 | c:\windows\fonts\winring0x64.sys |
|
| Details | File | 1 | c:\programdata\microsoft\devicesync\systemsync\tiworker.exe |
|
| Details | sha256 | 1 | 7c106041de7cc4c86cb9412a43cb7fc0a6ad2c76cfdb0e03a8ef98dd9e744442 |
|
| Details | sha256 | 1 | 2fe78941d74d35f721556697491a438bf3573094d7ac091b42e4f59ecbd25753 |
|
| Details | sha256 | 2 | 4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1 |
|
| Details | sha256 | 1 | 2b33df9aff7cb99a782b252e8eb65ca49874a112986a1c49cd9971210597a8ae |
|
| Details | sha256 | 1 | 3ced0552b9ecf3dfecd14cbcc3a0d246b10595d5048d7f0d4690e26ecccc1150 |
|
| Details | sha256 | 1 | 3b2724f3350cb5f017db361bd7aae49a8dbc6faa7506de6a4b8992ef3fd9d7ab |
|
| Details | sha256 | 1 | 35eb368c14ad25e3b1c58579ebaeae71bdd8ef7f9ccecfc00474aa066b32a03f |
|
| Details | sha256 | 1 | 786591953336594473d171e269c3617d7449876993b508daa9b96eedc12ea1ca |
|
| Details | sha256 | 6 | 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 |
|
| Details | sha256 | 1 | aac7f8e174ba66d62620bd07613bac1947f996bb96b9627b42910a1db3d3e22b |
|
| Details | sha256 | 1 | 6f3e913c93887a58e64da5070d96dc34d3265f456034446be89167584a0b347e |
|
| Details | sha256 | 1 | 7c242a08ee2dfd5da8a4c6bc86231985e2c26c7b9931ad0b3ea4723e49ceb1c1 |
|
| Details | sha256 | 1 | cc4384510576131c126db3caca027c5d159d032d33ef90ef30db0daa2a0c4104 |
|
| Details | IPv4 | 198 | 1.1.1.1 |
|
| Details | IPv4 | 295 | 8.8.8.8 |
|
| Details | IPv4 | 1 | 116.0.0.0 |
|
| Details | IPv4 | 1 | 111.90.158.40 |
|
| Details | IPv4 | 1 | 93.95.225.137 |