Outlaw Group Distributes Cryptocurrency-Mining Botnet
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Cloud Services - T1021.007 Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Tool - T1588.002 Vulnerabilities - T1588.006 Brute Force - T1110 Remote Desktop Protocol - T1076 Denial Of Service
Show in Graph
Common Information
Type Value
UUID 9b6acaf7-253c-47ed-a5d2-0f83463fc5ad
Fingerprint b5a1bcd324a7af87
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 19, 2018, midnight
Added to db Jan. 18, 2023, 9:05 p.m.
Last updated Nov. 17, 2024, 6:45 p.m.
Headline Outlaw Group Distributes Cryptocurrency-Mining Botnet
Title Outlaw Group Distributes Cryptocurrency-Mining Botnet
Detected Hints/Tags/Attributes 77/2/29
Source URLs
Redirection Url
Details Source https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-group-distributes-botnet-for-cryptocurrency-mining-scanning-and-brute-force/
Details Source https://www.trendmicro.com/en_se/research/18/k/outlaw-group-distributes-botnet-for-cryptocurrency-mining-scanning-and-brute-force.html
Details Source https://www.trendmicro.com/en_gb/research/18/k/outlaw-group-distributes-botnet-for-cryptocurrency-mining-scanning-and-brute-force.html
Details Source https://www.trendmicro.com/en_hk/research/18/k/outlaw-group-distributes-botnet-for-cryptocurrency-mining-scanning-and-brute-force.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Details trendmicro.com blog.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 3 
min.sh
Details Domain 11 
coinminer.sh
Details Domain 145 
libc.so
Details Domain 3 
www.karaibe.us
Details Domain 49 
trojan.sh
Details Domain 3 
sparky.sh
Details Domain 2 
coinminer.linux.malxmr.ai
Details File 3 
finish.php
Details File 7 
trojan.php
Details File 2 
malxmr.ai
Details sha256 2 
4d62e6fd9e16b05a16859582cbbf6e841e2097ac6f25f35f2e078b3dfb490bb9
Details sha256 2 
fac368bf471cb8152aad779884294352e5ebaee19efcecb6c5c147e3ada8997f
Details sha256 2 
6163a3ca3be7c3b6e8449722f316be66079207e493830c1cf4e114128f4fb6a4
Details sha256 2 
4928a79c9e06cf4efe0110afada7ee8f1141c3f9021aff5419946cb535b99a0e
Details sha256 2 
3f1fb3cb0cf903278934b7bd17581e49f3ac1b4eef4493096105a2ed792151b9
Details sha256 1 
af4ad9bf3e954c6deae18154273b4f5ea37364b3fe1536f4ae362ef15a6ced38
Details sha256 2 
45ed59d5b27d22567d91a65623d3b7f11726f55b497c383bc2d8d330e5e17161
Details sha256 1 
7fe9d6d8b9390020862ca7dc9e69c1e2b676db5898e4bfad51d66250e9af3eaf
Details sha256 2 
c890d18fe3753a9ea4d026fc713247a9b83070b6fe40539779327501916be031
Details sha256 2 
df51c6b13714079bbf276d5c5f907d873eb48f283d617415ff351a25bf834332
Details sha256 2 
1f2c76173c7a1fbb6b28c6b9e0b8bceccbbbf2bea07518f71eb8cf21d13c7ac7
Details sha256 1 
5ffb00a0176f8797e81b242209ec7a6a29bbfac392259bf018f746a32bfd401d
Details sha256 2 
1f69b1441d5c6e351cae4c05ded6af7b2461b63b7bb52d5d9c40586d8acf545f
Details sha256 2 
dca76c1502a5f2307b81c71f9283097872ab842bf5e1ea12a36983d6c61675c4
Details sha256 2 
4b5bd8eeb308cd0e73c42e5de9c994822b06924a42f4782c090b33c56fc27979
Details sha256 2 
8a4c8912c35449c194844b87cb7bace340e6ed3ba5ae141088a68054c8de1aad
Details sha256 3 
97093a1ef729cb954b2a63d7ccc304b18d0243e2a77d87bbbb94741a0290d762
Details Url 3 
http://www.karaibe.us/.foo/min.sh
Details Url 3 
http://www.karaibe.us/.foo/remote/info.php