ioc[.]one - OSINT Cyber Threat Intelligence Database

Monero-Mining Malware PCASTLE Uses Fileless Techniques

Tags

country:	Australia China Hong Kong India Japan Vietnam Taiwan
attack-pattern:	Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 Brute Force - T1110 Powershell - T1086 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	db88eca7-a2f3-4cf6-b1d0-79d44ff379e9
Fingerprint	a684aa923715cf45
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 5, 2019, midnight
Added to db	Feb. 17, 2023, 11:37 p.m.
Last updated	Oct. 22, 2024, 7:59 a.m.
Headline	Monero-Mining Malware PCASTLE Uses Fileless Techniques
Title	Monero-Mining Malware PCASTLE Uses Fileless Techniques
Detected Hints/Tags/Attributes	58/2/10

Source URLs

	Redirection	Url
Details	Source	https://blog.trendmicro.com/trendlabs-security-intelligence/monero-mining-malware-pcastle-zeroes-back-in-on-china-now-uses-multilayered-fileless-arrival-techniques/
Details	Source	https://www.trendmicro.com/en_us/research/19/f/monero-mining-malware-pcastle-zeroes-back-in-on-china-now-uses-multilayered-fileless-arrival-techniques.html
Details	Source	https://www.trendmicro.com/en_ca/research/19/f/monero-mining-malware-pcastle-zeroes-back-in-on-china-now-uses-multilayered-fileless-arrival-techniques.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com
Details	trendmicro.com	blog.trendmicro.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	3		zer2.com
Details	Domain	2		down.ackng.com
Details	Domain	3		lpp.zer2.com
Details	Domain	2		lpp.ackng.com
Details	File	38		trojan.ps1
Details	sha256	1		90c80135f1d8030437785ce25ab1297e4c895c7f74b92bdb609b66cdb41de8fd
Details	sha256	2		ef8505ffb1526d36b05da851e50e27f87e35131e40a03095ace1b55b7662de9c
Details	sha256	1		33d94fcf397d36ec8df8d55c378b13bb4509f41975ebb835708e3a4cdae749b3
Details	sha256	2		1cff6e4e3bac810f22f27ac5e6b13012ebed27bbace1544e38c09fefb2a7e7c9
Details	sha256	2		4e4015a1c9c6327fdf18a4e41a0586f5083e055bbc93f260d58da2897bddea45