CoinMiner Being Distributed to Vulnerable MS-SQL Servers - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Brute Force - T1110 |
Common Information
| Type | Value |
|---|---|
| UUID | e35614c2-40b8-438b-ac4c-d23faab3a9a6 |
| Fingerprint | 95883adf09c39edf |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 28, 2022, 10 a.m. |
| Added to db | Sept. 11, 2022, 4:59 p.m. |
| Last updated | Nov. 4, 2024, 2:17 a.m. |
| Headline | CoinMiner Being Distributed to Vulnerable MS-SQL Servers |
| Title | CoinMiner Being Distributed to Vulnerable MS-SQL Servers - ASEC BLOG |
| Detected Hints/Tags/Attributes | 32/2/13 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/32143/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | dl.love-network.cc |
|
| Details | Domain | 1 | serv1.love-network.cc |
|
| Details | File | 9 | sqlbase.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 35 | config.txt |
|
| Details | File | 1 | data.mdf |
|
| Details | File | 1 | sqlconn.exe |
|
| Details | File | 1 | %programfiles%\microsoft sql server\mssql12.sql |
|
| Details | File | 27 | agent.c4 |
|
| Details | md5 | 9 | fe3659119e683e1aa07b2346c1f215af |
|
| Details | md5 | 1 | b11d7ac5740401541bc1be33dd475e00 |
|
| Details | Url | 1 | http://dl.love-network.cc/config.txt |
|
| Details | Url | 1 | http://dl.love-network.cc/data.mdf |