Uncovering a Kingminer Botnet Attack Using Trend Micro Managed XDR
Common Information
Type Value
UUID b8676652-5607-4a6e-a341-83f087677bb4
Fingerprint b423a9d5b5358fc3
Analysis status DONE
Considered CTI value 2
Text language
Published May 18, 2022, midnight
Added to db Oct. 15, 2024, 3:35 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR
Title Uncovering a Kingminer Botnet Attack Using Trend Micro Managed XDR
Detected Hints/Tags/Attributes 46/1/25
Attributes
Type                     #Events  Value                                                             CTI Value
CVE                      197      cve-2019-0708
Domain                   2        ww.3113cfdae.com
Domain                   2        qqqe.1eaba4fdae.com
Domain                   2        trojan.vbs.malxmr.as
File                     2        %public%\gfghhjhyuq.vbs
File                     119      sqlservr.exe
File                     2        gfghhjhyuq.vbs
File                     2        sysdo.exe
File                     2        c:\windows\temp\sysdo.exe
File                     1208     powershell.exe
File                     41       msxml2.xml
File                     3        eb.txt
File                     5        c:\windows\system32\control.exe
File                     127      c:\windows\system32\rundll32.exe
File                     185      shell32.dll
File                     409      c:\windows\system32\cmd.exe
File                     2        fgfghhjhyuq.vbs
File                     20       trojan.vbs
File                     38       trojan.ps1
sha256                   2        0cf6882d750eea945a9b239dfeac39f65efd91b3d0811159707f1cec6cd80cc0
sha256                   2        cb29887a45aea646d08fa16b67a24848d8811a5f2a18426c77beaae9a0b14b86
Microsoft Patch Numbers  3        KB4499175
Microsoft Patch Numbers  3        KB4500331
Url                      2        http://ww.3113cfdae.com/eb.txt
Url                      2        http://qqqe.1eaba4fdae.com