Miner Malware Uses Multiple Propagation Methods
Common Information
UUID: c37c7b7b-355c-4d95-9083-e18912acde03
Fingerprint: ae04ad448d7b8fc3
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: April 12, 2019, midnight
Added to db: Oct. 15, 2024, 5:27 p.m.
Last updated: Oct. 22, 2024, 7:59 a.m.
Headline: Miner Malware Uses Multiple Propagation Methods
Title: Miner Malware Uses Multiple Propagation Methods
Detected Hints/Tags/Attributes: 59/3/41
Attributes