Skidmap Malware Uses Rootkit to Hide Mining Payload
Common Information
Type Value
UUID e8c9851d-a9a4-452c-88a6-8cb46104474d
Fingerprint f4a11d1c0437cfcb
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 16, 2019, midnight
Added to db Oct. 15, 2024, 3:46 p.m.
Last updated Oct. 16, 2024, 2:22 a.m.
Headline Skidmap Malware Uses Rootkit to Hide Mining Payload
Title Skidmap Malware Uses Rootkit to Hide Mining Payload
Detected Hints/Tags/Attributes 49/1/16
Attributes
Details Type #Events CTI Value
Details Domain 2
pm.ipfswallet.tk
Details Domain 4
pm.sh
Details File 1
linux.pam
Details Url 1
http://pm.ipfswallet.tk/pm.sh
Details Url 1
http://pm.ipfswallet.tk/pc
Details Url 1
http://pm.ipfswallet.tk/cos7.tar.gz