Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
Common Information
Type Value
UUID e0a44ebb-168a-4c37-958d-f77434b8e84a
Fingerprint 2526059191fe160d
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 17, 2019, 11:09 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Vulnerability Information
Title Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
Detected Hints/Tags/Attributes 89/3/111
Attributes
Details Type #Events CTI Value
Details China National Vulnerability Database CNVD 1
CNVD-2018-24942
Details CVE 81
cve-2017-10271
Details CVE 122
cve-2017-5638
Details CVE 66
cve-2019-2725