Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
Common Information

| Type | Value |
|---|---|
| UUID | 94eae5c0-a1ab-461a-84d7-b1172d9cb504 |
| Fingerprint | d8a319b39877b5a3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 20, 2022, midnight |
| Added to db | Oct. 15, 2024, 4:41 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners |
| Title | Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners |
| Detected Hints/Tags/Attributes | 58/1/18 |

Attributes

| Type | #Events | CTI | Value |
|---|---|---|---|
| CVE | 87 | | cve-2022-22965 |
| Domain | 23 | | os.name |
| Domain | 12 | | ldr.sh |
| Domain | 1 | | coinminer.sh.malxmr.sm |
| File | 2126 | | cmd.exe |
| File | 1 | | zbc0fb.jsp |
| File | 1208 | | powershell.exe |
| File | 5 | | ldr.ps1 |
| File | 31 | | sys.exe |
| File | 7 | | text.reg |
| File | 2 | | ularexpressions.reg |
| File | 38 | | trojan.ps1 |
| sha256 | 1 | | 093b72e9b4efcc30c1644a763697a235c9c3e496c421eceaac97d4babeba7108 |
| sha256 | 1 | | 566b0187d8ff500d923859c98da2c96b8b581e93ac0c94dacba76328b34412b3 |
| sha256 | 1 | | 67e38438759f34eaf50d8b38b6c8f18155bcc08a2e79066d9a367ea65e89aa3d |
| sha256 | 1 | | 93d380ba2bedd37c2313924784b26fec27c9e96e4c500b5cb78259b3c824ee4e |
| IPv4 | 10 | | 194.145.227.21 |
| Windows Registry Key | 112 | | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |