Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
Tags
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Cron - T1053.003 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Python - T1059.006 Regsvr32 - T1218.010 Server - T1583.004 Server - T1584.004 Vnc - T1021.005 Web Services - T1583.006 Web Services - T1584.006 Vulnerabilities - T1588.006 Brute Force - T1110 Mshta - T1170 Powershell - T1086 Regsvr32 - T1117
Show in Graph
Common Information
Type Value
UUID b0df4566-5f2b-42e6-b3e8-fee774ff5247
Fingerprint 8c19b1d3a9e335c9
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 17, 2018, noon
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
Title Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
Detected Hints/Tags/Attributes 98/1/66
Source URLs
Redirection Url
Details Source https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com researchcenter.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details CVE 10 
cve-2016-3088
Details Domain 14 
pm.me
Details Domain 3 
rootv2.sh
Details Domain 3 
lowerv2.sh
Details Domain 1 
r88.sh
Details Domain 2 
3g2upl4pq6kufc4m.tk
Details Domain 2 
e3sas6tzvehwgpak.tk
Details Domain 3 
xmr.enjoytopic.tk
Details Domain 1 
png.realtimenews.tk
Details Domain 1 
daknobcq4zal6vbm.tk
Details Domain 2 
d3goboxon32grk2l.tk
Details Domain 3 
ejectrift.censys.xyz
Details Domain 3 
scan.censys.xyz
Details Domain 3 
api.leakingprivacy.tk
Details Domain 3 
news.realnewstime.xyz
Details Domain 3 
scan.realnewstime.xyz
Details Domain 3 
news.realtimenews.tk
Details Domain 3 
scanaan.tk
Details Domain 3 
scan.3g2upl4pq6kufc4m.tk
Details Domain 2 
scan.vfk2k5s5tfjr27tz.tk
Details Domain 3 
scan.blockbitcoin.tk
Details Domain 3 
blockbitcoin.com
Details Domain 358 
pastebin.com
Details Domain 396 
protonmail.com
Details Email 1 
backupsql@pm.me
Details Email 1 
backupsql@protonmail.com
Details Email 1 
backupdatabase@pm.me
Details File 4 
tt.txt
Details File 1 
tg.jpg
Details File 2 
m.png
Details File 1 
tmp.jpg
Details File 2 
scan.3g2
Details sha256 2 
7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa
Details sha256 2 
0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641
Details sha256 2 
dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54
Details sha256 2 
5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d
Details sha256 2 
e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c
Details sha256 2 
f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc
Details sha256 2 
dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff
Details sha256 2 
de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d
Details sha256 2 
09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885
Details sha256 2 
a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af
Details sha256 2 
f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8
Details sha256 2 
31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78
Details sha256 2 
725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054
Details sha256 2 
d7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6
Details sha256 2 
ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50
Details IPv4 3 
142.44.215.177
Details IPv4 3 
144.217.61.147
Details Url 1 
http://3g2upl4pq6kufc4m.tk/zlibx
Details Url 1 
http://e3sas6tzvehwgpak.tk/xbashy
Details Url 1 
http://3g2upl4pq6kufc4m.tk/xbashy
Details Url 1 
http://3g2upl4pq6kufc4m.tk/xapache
Details Url 1 
http://3g2upl4pq6kufc4m.tk/libhttpd
Details Url 1 
http://xmr.enjoytopic.tk/l/rootv2.sh
Details Url 1 
http://xmr.enjoytopic.tk/l2/rootv2.sh
Details Url 1 
http://xmr.enjoytopic.tk/l/r88.sh
Details Url 1 
http://xmr.enjoytopic.tk/12/r88.sh
Details Url 1 
http://e3sas6tzvehwgpak.tk/lowerv2.sh
Details Url 1 
http://3g2upl4pq6kufc4m.tk/r88.sh
Details Url 1 
http://e3sas6tzvehwgpak.tk/xbashx
Details Url 1 
http://png.realtimenews.tk/m.png
Details Url 1 
http://daknobcq4zal6vbm.tk/tt.txt
Details Url 1 
http://d3goboxon32grk2l.tk/reg9.sct
Details Url 1 
https://pastebin.com/raw/xu74mzif
Details Url 1 
https://pastebin.com/raw/rbhjtzy6