8220挖矿团伙的新玩具:k4spreader
Tags
| country: | Canada France |
| attack-pattern: | Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Python - T1059.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 8c8d6af6-a093-454f-9c18-cd1bc3594548 |
| Fingerprint | 752dcb3d1cc7e9ee |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 25, 2024, midnight |
| Added to db | Aug. 31, 2024, 10:51 a.m. |
| Last updated | Nov. 17, 2024, 9:42 p.m. |
| Headline | 8220挖矿团伙的新玩具:k4spreader |
| Title | 8220挖矿团伙的新玩具:k4spreader |
| Detected Hints/Tags/Attributes | 29/2/50 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.xlab.qianxin.com/8220-k4spreader-new-tool-cn/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 420 | ✔ | 奇安信 X 实验室 | https://blog.xlab.qianxin.com/rss/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 2 | AS50916 |
|
| Details | Autonomous System Number | 40 | AS16276 |
|
| Details | CVE | 81 | cve-2017-10271 |
|
| Details | Domain | 2 | dw.c4kdeliver.top |
|
| Details | Domain | 2 | run.sck-dns.ws |
|
| Details | Domain | 2 | run.sck-dns.cc |
|
| Details | Domain | 5 | c4k-ircd.pwndns.pw |
|
| Details | Domain | 8 | pwn.oracleservice.top |
|
| Details | Domain | 5 | run.on-demand.pw |
|
| Details | Domain | 3 | fbi.su1001-2.top |
|
| Details | Domain | 15 | network.target |
|
| Details | Domain | 5 | syslog.target |
|
| Details | Domain | 6 | network-online.target |
|
| Details | Domain | 41 | multi-user.target |
|
| Details | Domain | 117 | ld.so |
|
| Details | Domain | 27 | www.uptycs.com |
|
| Details | File | 2 | dw.c4 |
|
| Details | File | 14 | network.tar |
|
| Details | File | 5 | syslog.tar |
|
| Details | File | 6 | network-online.tar |
|
| Details | File | 37 | multi-user.tar |
|
| Details | File | 1 | 下载2.gif |
|
| Details | File | 1 | 和d.py |
|
| Details | File | 4 | 2.gif |
|
| Details | File | 15 | urllib.url |
|
| Details | File | 12 | d.py |
|
| Details | File | 1205 | index.php |
|
| Details | File | 1 | 上文提到的k4spreader会从c2下载一个名字叫做2.gif |
|
| Details | md5 | 3 | 63a86932a5bad5da32ebd1689aa814b3 |
|
| Details | md5 | 3 | 915aec68a5b53aa7681a461a122594d9 |
|
| Details | md5 | 5 | b9f096559e923787ebb1288c93ce2902 |
|
| Details | sha1 | 2 | d96b9b6d2427c3e8be2f87de474715d06b11b972 |
|
| Details | sha1 | 2 | a2b34f3cfcf584e90c13580e9e0f8b9306e9f6c9 |
|
| Details | sha256 | 2 | 7bade55726a3a6e86d809836d1bc43f4f7702ecde9ceed80a09876c2efeff8d4 |
|
| Details | sha256 | 2 | f998aeb84da8b84723ca9fdbdeb565dbc7938bd0a0ce5f0981307b3e24bdf712 |
|
| Details | sha256 | 2 | 0897b1d3e3e453c160bf8d28a041eee3bd29e43a6f063faed7d3cb83a86b88cc |
|
| Details | sha256 | 2 | a980b1b0387534da7c9a321f7d450c02087f7a8445fc86b77785da0c510bbaa8 |
|
| Details | sha256 | 2 | 31fd924b9a5747befdf61c03b02c90d3c2ba93c8e1a9f798e6dfefe23767e1ae |
|
| Details | sha256 | 2 | 20d08d27631ae9bab8f3cb7cddd9b35fb75e5bee5764072f77ac3b4513307838 |
|
| Details | IPv4 | 4 | 185.172.128.146 |
|
| Details | IPv4 | 8 | 51.255.171.23 |
|
| Details | IPv4 | 4 | 167.114.114.169 |
|
| Details | Url | 2 | http://185.172.128.146:443/d.py").read |
|
| Details | Url | 2 | http://185.172.128.146/d.py").read |
|
| Details | Url | 2 | http://185.172.128.146:443/bin |
|
| Details | Url | 2 | http://185.172.128.146:443/bi.64 |
|
| Details | Url | 2 | http://185.172.128.146:443/bin.64 |
|
| Details | Url | 2 | http://run.sck-dns.ws/sys/index.php |
|
| Details | Url | 2 | http://run.sck-dns.cc/sys/index.php |
|
| Details | Url | 2 | https://www.uptycs.com/blog/8220-gang-cryptomining-cloud-based-infrastructure-cyber-threat |