RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | a9c6f2ab-8635-4338-a5e7-5632b8a67c84 |
| Fingerprint | 85a9985b88e3de81 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 8, 2018, 6:45 p.m. |
| Added to db | Jan. 18, 2023, 11:23 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits |
| Title | RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits |
| Detected Hints/Tags/Attributes | 52/2/43 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 28 | cve-2017-9805 |
|
| Details | Domain | 71 | transfer.sh |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | redisscan.sh |
|
| Details | Domain | 1 | redisrun.sh |
|
| Details | Domain | 1 | ebscan.sh |
|
| Details | Domain | 1 | ebrun.sh |
|
| Details | Domain | 76 | ipfs.io |
|
| Details | Domain | 1 | admission.fri3nds.in |
|
| Details | Domain | 1 | order.py |
|
| Details | Domain | 1 | rangeip.py |
|
| Details | File | 7 | x64.bin |
|
| Details | File | 1 | poc.vbs |
|
| Details | File | 1 | admissioninit.exe |
|
| Details | File | 1 | admission.exe |
|
| Details | File | 1 | xmr-32.exe |
|
| Details | File | 1 | xmr-64.exe |
|
| Details | File | 1 | eternalblue_exploit7.py |
|
| Details | File | 1 | eternalblue_exploit8.py |
|
| Details | File | 1 | order.py |
|
| Details | File | 1 | rangeip.py |
|
| Details | Github username | 6 | robertdavidgraham |
|
| Details | sha256 | 1 | 615f70c80567aab97827f1a0690987061e105f004fbc6ed8db8ebee0cca59113 |
|
| Details | sha256 | 1 | 260ef4f1bb0e26915a898745be873373f083227a4f996731f9a3885397a49e79 |
|
| Details | sha256 | 1 | 2d89b48ed09e68b1a228e08fd66508d349303f7dc5a0c26aa5144f69c65ce2f2 |
|
| Details | sha256 | 1 | eb010a63650f4aa58f58a66c3082bec115b2fec5635fa856838a43add059869d |
|
| Details | sha256 | 1 | f8428b0ceb5eaf1e496d79824a9c2b6c685fdeb2ddc36b036748ea71b15a5d79 |
|
| Details | sha256 | 1 | e1c9ffc6677c7c2a6edec5d47bdff5e572d8fdf57675c41ff9e63a8c20bb18db |
|
| Details | sha256 | 1 | cdadd649c42d28264277dd8edd5b6de23c8070fbf7b5a5ecdcbe03d99613efba |
|
| Details | sha256 | 1 | b2f5abb708c3481ad69aa459e3107c892bceafd26122129c84338cac92bf4797 |
|
| Details | sha256 | 1 | 99a4ded26895422707f7c92eca9c9d64212cc033c50010fb027fe32ab55386d9 |
|
| Details | sha256 | 1 | 34022a65a3eb93b109ed4c6e1233c6404197818a70f51ab654e2c7e474ee2539 |
|
| Details | sha256 | 1 | 9040274f28d8dbe9e2372fec6482964fa2de8a790c818a3238d0af5fda6c3dbf |
|
| Details | sha256 | 1 | c7ed3da4e8d29474909bb0c57e788799fbd3ff96a00e2a0d8f752ed494b9773f |
|
| Details | sha256 | 1 | e74e8b14e00de1cdf14d885e3b8a85d33e33e0b239e202243fc4edeeb84a1325 |
|
| Details | sha256 | 1 | 794a891cae3374bf28c78eeb3ca39bd59f6ed927f28477561cc0fd11909f34fb |
|
| Details | sha256 | 1 | 1bca0088f84d9642002e8d403efb77f75596a9d9c50f171e587a66cc804fa971 |
|
| Details | sha256 | 1 | e3d2088d0cf68efe57babddd7a6973ca5187a127f5e8932436a781391de0320c |
|
| Details | IPv4 | 1 | 147.135.130.181 |
|
| Details | IPv4 | 1 | 217.182.195.23 |
|
| Details | Url | 5 | https://github.com/robertdavidgraham/masscan |
|
| Details | Url | 2 | http://ipfs.io |
|
| Details | Url | 1 | http://admission.fri3nds.in |