Tales From the Honeypot: WatchDog Evolves With a New Multi-Stage Cryptojacking Attack - Cado Security | Cloud Forensics & Incident Response
Common Information
Type Value
UUID e6dc3a57-7955-44f2-888e-90eb6d1fc394
Fingerprint 21890893ad2d0789
Analysis status DONE
Considered CTI value 2
Text language
Published June 2, 2022, 1 p.m.
Added to db Oct. 24, 2023, 1:45 p.m.
Last updated Nov. 18, 2024, 8:27 a.m.
Headline Tales From the Honeypot: WatchDog Evolves With a New Multi-Stage Cryptojacking Attack
Title Tales From the Honeypot: WatchDog Evolves With a New Multi-Stage Cryptojacking Attack - Cado Security | Cloud Forensics & Incident Response
Detected Hints/Tags/Attributes 69/1/27
Attributes