MCCrash: Cross-platform DDoS botnet targets private Minecraft servers - Microsoft Security Blog
Common Information
Type Value
UUID de66d43b-2d3f-4feb-ba27-def39b5391c1
Fingerprint 87917a84fd37fcc3
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 15, 2022, 10 a.m.
Added to db Feb. 18, 2023, 12:57 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline MCCrash: Cross-platform DDoS botnet targets private Minecraft servers
Title MCCrash: Cross-platform DDoS botnet targets private Minecraft servers - Microsoft Security Blog
Detected Hints/Tags/Attributes 71/1/28
Attributes
Details Type #Events CTI Value
Details Domain 4
malicious.py
Details Domain 2
updater.zip
Details Domain 1
event.net
Details Domain 1
repo.ark-event.net
Details Domain 1
mccrash.ma
Details Domain 207
learn.microsoft.com
Details Domain 4128
github.com
Details File 1122
svchost.exe
Details File 12
svchosts.exe
Details File 4
malicious.py
Details File 3
updater.zip
Details File 1
kmsauto++.exe
Details File 2
w10digitalactivation.exe
Details File 1
dcloader.exe
Details File 2126
cmd.exe
Details File 1208
powershell.exe
Details Github username 21
azure
Details Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) 1
DEV-1028
Details Url 6
https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy
Details Url 1
https://github.com/azure/azure-sentinel/blob/master/detections/syslog/ssh_potentialbruteforce.yaml
Details Url 2
https://github.com/azure/azure-sentinel/blob/master/hunting