ioc[.]one - OSINT Cyber Threat Intelligence Database

Mining Worm Goes Polymorphic, Gets AutoHotKey Variant

Tags

attack-pattern:

Data Botnet - T1583.005 Botnet - T1584.005 Malware - T1587.001 Malware - T1588.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Scheduled Task - T1053 Scripting - T1064 Scripting

Show in Graph

Common Information

Type	Value
UUID	a7d5bd62-2eb8-4ef4-b92c-a521ef176456
Fingerprint	3630899c249167cd
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 23, 2018, midnight
Added to db	Oct. 15, 2024, 5:13 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Mining Worm Goes Polymorphic, Gets AutoHotKey Variant
Title	Mining Worm Goes Polymorphic, Gets AutoHotKey Variant
Detected Hints/Tags/Attributes	63/1/40

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_ca/research/18/d/monero-mining-retadup-worm-goes-polymorphic-gets-an-autohotkey-variant.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	newalpha.alphanoob.com
Details	Domain	2	superalpha.radnewage.com
Details	Domain	2	superalpha.newminersage.com
Details	Domain	2	newalpha.super-gamezer.com
Details	Domain	2	noobminer.publicvm.com
Details	Domain	2	newminer.newminersage.com
Details	File	1	c:\bqspogcjposfemiigrgmk\bqspogcjposfemiigrgmk.exe
Details	File	88	1.txt
Details	File	2	streamer.exe
Details	File	1	liveworker.exe
Details	File	1	superchecker.exe
Details	File	1	speedup.exe
Details	File	1	nova.exe
Details	File	1	cpuchecker.exe
Details	File	1	cpuchecker32.exe
Details	File	1	radnsasdxx.txt
Details	File	380	notepad.exe
Details	File	1260	explorer.exe
Details	File	12	wuapp.exe
Details	File	1122	svchost.exe
Details	md5	1	7375706572636865636B65722E657865
Details	md5	1	637075636865636B657233322E657865
Details	sha256	1	0d46314542c3fd60a96f0278d9e0c324f2a45637bf2461a9b9b5fbef22aa22ab
Details	sha256	1	0349720802e1bee7cccef494200fba9acc4bae5fd9b1c722f14f1e8dcc3e722a
Details	sha256	1	f8240d76439fd77a826e5638ef4af539060acc88ac6a907efda83340fb0e99e7
Details	sha256	1	84b5dfba8d21946097fdef49d88882808caeb40950a1ab272daf20658e55ef7f
Details	sha256	1	aa9a5def84f907a46c4261b095b2e55e04e95829f2f467487897ff8813bc512b
Details	sha256	1	284f986003df842b7bdde0fc47c4c8878f7b984cfca3cb1ec893c5c8a570b417
Details	sha256	1	d9bdeeddf9a884185086e28d66ceec8d9ceccc33258b7089a7b2f4552e1a1bea
Details	sha256	1	846a78fbc154acaf43095a767dd423326afe4383d2b597c01b09cd01a6e6c978
Details	sha256	1	4495e70226cb68011cdff8a60f4e7b8374906dd056534087ca93dd2911e29a99
Details	sha256	1	23f4033fe8e192767fb9e4bcbf7b7a9056a1e6d72954fbf18006eca4697c963a
Details	sha256	1	e0da6d7df87c1a7471949c6969a677c720fd442eb0be1aa15caf2a4105dc26c0
Details	Url	1	http://newalpha.alphanoob.com:9898
Details	Url	1	http://superalpha.radnewage.com:9898
Details	Url	1	http://superalpha.newminersage.com:3333
Details	Url	1	http://newalpha.super-gamezer.com:9333
Details	Url	1	http://newalpha.alphanoob.com:9999
Details	Url	1	http://noobminer.publicvm.com:9898
Details	Url	1	http://newminer.newminersage.com:9393