ioc[.]one - OSINT Cyber Threat Intelligence Database

LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab – Sysdig

Tags

country:	Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Credentials - T1589.001 Cron - T1053.003 Exploits - T1587.004 Exploits - T1588.005 Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Systemd Service - T1543.002 Systemd Service - T1501 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Hooking - T1179 New Service - T1050 Rootkit - T1014 Hooking Rootkit

Show in Graph

Common Information

Type	Value
UUID	b970a6d3-b0ea-4f5c-80fe-e898874e9fb3
Fingerprint	3431d9518c2596c1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 17, 2023, midnight
Added to db	Oct. 24, 2023, 1:15 p.m.
Last updated	Nov. 13, 2024, 10:22 p.m.
Headline	LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
Title	LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab – Sysdig
Detected Hints/Tags/Attributes	105/3/60

Source URLs

	Redirection	Url
Details	Source	https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/

URL Provider

Details	Provider	Source level domain
Details	sysdig.com	sysdig.com

Attributes

Details	Type	#Events	Value
Details	CVE	43	cve-2021-22205
Details	CVE	60	cve-2021-4034
Details	Domain	1	passage-television-gardening-venue.trycloudflare.com
Details	Domain	15	trycloudflare.com
Details	Domain	10	deploy.sh
Details	Domain	1	proxylite.ru
Details	Domain	1	osplatform.windows
Details	Domain	41	multi-user.target
Details	Domain	1	desertplanets.com
Details	Domain	1	bs.zip
Details	Domain	1	s2.zip
Details	Domain	1	s3.zip
Details	Domain	1	separate-discussing-refrigerator-field.trycloudflare.com
Details	Domain	1	coffee-abandoned-predicted-skype.trycloudflare.com
Details	Domain	1	karma-adopt-income-jeffrey.trycloudflare.com
Details	File	1	proxyservice.core
Details	File	2	deps.json
Details	File	1	runtimeconfig.json
Details	File	1	runtimeinformation.iso
Details	File	37	multi-user.tar
Details	File	1	bs.zip
Details	File	3	s.zip
Details	File	1	s2.zip
Details	File	1	s3.zip
Details	File	1	f_ab.tar
Details	File	1	f_aa.tar
Details	File	1	netcoreapp-latest.tar
Details	sha256	1	ff4b30f45ec635f28801a24a175bbf7479fbcbf01131c7ff086ccd6cb64f2e8c
Details	sha256	1	4fd39d545d877720a86a1858d5af6ac50a432c13b83abc01ca1a59f96f6c67c0
Details	sha256	1	0654789ea795e18c762ddde2de3215092065c7d26fde122e04cbcdf399a43b02
Details	sha256	1	6fad185a92c7a718e80e6f0c4d5fa4155e21545cfe2edf03e70f21604deb89ba
Details	sha256	1	c236b6337572217eb83dc628579bcd4cd5dfb13c35cca54757f34fb9abf3edd6
Details	sha256	1	bee54e68d49cef7723dee09f39174245c015dd2dcf62ee8ffee6f4a156813d46
Details	sha256	1	7162a27a795d3ae13d0b8a6df0d7aa75fbefa74f8cb086ee46fdab0368d8ea07
Details	sha256	1	846ef36e262ce34203ca82ec84b95ae7bd316d162ee184845fda7b957e22b640
Details	sha256	1	00df3dc4fe3a1c12acf3180d097ca88e0219331ae5cb6989fa4c3262597a2aba
Details	sha256	1	eb6a93b1a7a05b0f644426a57a54446728868bde9a531e31cfb8849a4b3c4824
Details	sha256	1	34dd0357f281c0a402afa8df60452f4ff4dcb68d2de162f39514ab3ece0f18f8
Details	sha256	1	d475ed387f2960611833348ba740d44b707a913bcd088f9731337a909a854c4c
Details	sha256	1	96db518610ef5c4b08d454a0f931db619fa09d193ac05b10d5600d4652af6ee3
Details	sha256	1	519ca08cc6b08b027441cd95dcb7ee5be6f9328a24687ab770a65e9246e8d4e9
Details	sha256	1	06ebe58e033b9228124a0575fddd6d2fde03afceef9ae030c92cb6640e3baebf
Details	sha256	1	75c775c26345ddaeda2a29775263433f92e62491fdc888d8deb320970da8cd77
Details	sha256	1	10512112e62cd1cffee4e167651897970d7fef2c004fd784addcbcd23376ea22
Details	sha256	1	9f8eefd3199485b374728c8d51e700cc466f1a34b09f33a83b06775ebfb2f34a
Details	sha256	1	8c7891a70dba1067308c75708ada89957324927b6c9860cad9291220869efcc1
Details	sha256	1	fc366b6b33f71cc3d5ba64551fc6c825b611045499dc8b41d2f2c70368301967
Details	sha256	1	234f2f1ed4a13ea98074aec5de9e760c77845e8011746e51b7397b9eac3ae808
Details	sha256	1	5edf76c338cba244ba54ea3380b39531b1fdda13dfe447b17d40f24affb9d2f5
Details	IPv4	1	192.227.165.88
Details	IPv4	1	172.245.226.47
Details	IPv4	1	23.94.204.157
Details	IPv4	1	107.173.154.7
Details	IPv4	1	1.234.16.54
Details	IPv4	1	123.30.179.206
Details	Url	1	https://passage-television-gardening-venue.trycloudflare.com/v3
Details	Url	1	https://separate-discussing-refrigerator-field.trycloudflare.com
Details	Url	1	https://passage-television-gardening-venue.trycloudflare.com
Details	Url	1	https://coffee-abandoned-predicted-skype.trycloudflare.com
Details	Url	1	https://karma-adopt-income-jeffrey.trycloudflare.com