ioc[.]one - OSINT Cyber Threat Intelligence Database

'Hidden Bee' miner delivered via improved drive-by download toolkit | Malwarebytes Labs

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Bootkit - T1542.003 Botnet - T1583.005 Botnet - T1584.005 Exploits - T1587.004 Exploits - T1588.005 Malvertising - T1583.008 Server - T1583.004 Server - T1584.004 Bootkit - T1067 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	800a8ab4-7c76-4b44-ab13-cf29839ddce2
Fingerprint	34e31985b40ff491
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 26, 2018, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	'Hidden Bee' miner delivered via improved drive-by download toolkit
Title	'Hidden Bee' miner delivered via improved drive-by download toolkit \| Malwarebytes Labs
Detected Hints/Tags/Attributes	50/2/17

Source URLs

	Redirection	Url
Details	Source	https://blog.malwarebytes.com/threat-analysis/2018/07/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit/

URL Provider

Details	Provider	Source level domain
Details	malwarebytes.com	blog.malwarebytes.com

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	92		cve-2018-4878
Details	CVE	106		cve-2018-8174
Details	CVE	77		cve-2016-0189
Details	Domain	2		setup.gohub.online
Details	File	16		cabinet.dll
Details	File	172		dllhost.exe
Details	File	2		wiki.asp
Details	File	6		setup.bin
Details	File	533		ntdll.dll
Details	File	748		kernel32.dll
Details	md5	1		530475f52527a9ae1813d529653e9501
Details	IPv4	2		103.35.72.223
Details	IPv4	1		67.198.208.110
Details	IPv4	1		133.130.101.254
Details	Url	1		http://103.35.72.223/git/wiki.asp?id=530475f52527a9ae1813d529653e9501
Details	Url	1		http://103.35.72.223/git/glfw.wasm
Details	Url	1		http://103.35.72.223/rt/lsv3i06rrmcu491c3tv82uf228.wasmlooking