Malicious Campaign luoxk Is Actively Exploiting CVE-2018-2893
Common Information
Type | Value
UUID | ca4dae2d-6a4b-42e6-a169-758c9507657f
Fingerprint | b2030941ecc711c1
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | July 23, 2018, midnight
Added to db | Jan. 18, 2023, 7:36 p.m.
Last updated | Nov. 12, 2024, 2:01 a.m.
Headline | Malicious Campaign luoxk Is Actively Exploiting CVE-2018-2893
Title | Malicious Campaign luoxk Is Actively Exploiting CVE-2018-2893
Detected Hints/Tags/Attributes | 36/3/53
Attributes