Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect
Common Information
Type Value
UUID d41781a2-c130-422e-b2d2-122e54a96d21
Fingerprint a7942d5b84b3d68f
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 20, 2019, midnight
Added to db Jan. 18, 2023, 9:04 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect
Title Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect
Detected Hints/Tags/Attributes 48/2/17
Attributes
Type #Events CTI Value
Domain 2 trojan.win32.infosteal.ads
Domain 2 coinminer.win32.malxmr.ads
Domain 2 trojan.ps1.mimikatz.ads
Domain 3 hacktool.win32.radmin.gb
File 7 win32.inf
File 2 c:\windows\temp\ttt.exe
File 41 svhost.exe
File 1122 svchost.exe
File 117 taskmgr.exe
File 38 trojan.ps1
File 12 c:\windows\temp\svchost.exe