ioc[.]one - OSINT Cyber Threat Intelligence Database

PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL

Tags

attack-pattern:

Direct Botnet - T1583.005 Botnet - T1584.005 Dns Server - T1583.002 Dns Server - T1584.002 Exploits - T1587.004 Exploits - T1588.005 Impersonation - T1656 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	bf4f7a72-f7a1-4021-aa24-31d1344de0f0
Fingerprint	ac9029b3a5b507db
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 10, 2020, 2 p.m.
Added to db	Sept. 11, 2022, 12:43 p.m.
Last updated	Nov. 10, 2024, 9:35 p.m.
Headline	PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL
Title	PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL
Detected Hints/Tags/Attributes	75/1/33

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/pgminer-postgresql-cryptocurrency-mining-botnet/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	CVE	5	cve-2019-9193
Details	Domain	1	newt.keetup.com
Details	Domain	1	keepup.com
Details	Domain	1	nssnkct6udyyx6zlv4l6jhqr5jdf643shyerk246fs27ksrdehl2z3qd.onion
Details	Domain	1	jk5zra7b3yq32timb27n4qj5udk4w2l5kqn5ulhnugdscelttfhtoyd.onion
Details	Domain	1	reambusweduybcp.onion
Details	Domain	2	ojk5zra7b3yq32timb27n4qj5udk4w2l5kqn5ulhnugdscelttfhtoyd.onion
Details	Domain	2	dreambusweduybcp.onion
Details	File	1	root.bin
Details	sha256	1	55698654f0fbcf5a6d52f3f44bc0f2257e06835e76fb7142d449a2d1641d7e4b
Details	sha256	1	a935d364622ebefbee659caaa9d0af5828952ab9501591c935cf1f919e2a38ff
Details	sha256	1	6d296648fdbc693e604f6375eaf7e28b87a73b8405dc8cd3147663b5e8b96ff0
Details	sha256	1	6984a04d7e435499ff267cfaf913d51e8644f6c08db8069c56f9247f1e18ba71
Details	sha256	1	fef1a83ba6aba160116a8251462dd842f68464a5f767b2e3194820d62fef23b1
Details	sha256	1	864ece624b7069b929385f9cf741355a371e844aa3726d340f91549562e2c604
Details	sha256	1	d8c46be19ff3ea5b2c12f050f226a199aaa5f76cc1731c868e29eea6c68b6801
Details	sha256	1	8d44fbbefa0c59a65e21b0d1598ff7c51487ea1cede544d1c3f56d5db0ea7807
Details	sha256	1	41ef5c6b0cdd068f117902e59233991082a4ecb4877a1fb16016e756412f06ea
Details	sha256	1	1b1d6d5f01b26e4ccf6fff8f2626f9318084dc1123ac67ed7d02f955b72a1432
Details	sha256	1	0fc1332d2b20ea43d3c3fea50a48bb1991522bc6c79d518ba9b68a763ef2ad58
Details	sha256	1	8a13c3fe815f15a5600fda30d132dfbd4bb54d9c766da164060dd1d66b12e9e4
Details	sha256	1	6d95b593f0b5e3cc1985635ad2b943acb083833fea8123e7ac3f88f68e04edd6
Details	sha256	1	101ccbad7732fb185d51b91d31a67ff058cac3bc31ec36cec05094065a97d6fd
Details	sha256	1	d4cf8cfb4dc9cc3101b8c850369a71af70f11e67df7e41e9af98624ebe54ff4a
Details	sha256	1	47d56fcbf5d90b9c513d8d38a2c00e4bad6ea4e1d17b05dd37feb4d63b2856e1
Details	sha256	1	e3c5abe56964ddb3b4f0b3c434a9af145efca558307c65d30e8acc5aed45bedc
Details	sha256	1	524cce2cf615809bc08ca80facf95f2be7c5071c4cb3eac38c20a1f0ed39ce1f
Details	IPv4	81	172.16.0.0
Details	IPv4	124	192.168.0.0
Details	IPv4	132	10.0.0.0
Details	IPv4	1	190.0.0.0
Details	IPv4	2	66.0.0.0
Details	IPv4	1	94.237.85.89