Following ESET’s discovery, a Monero mining botnet is disrupted | WeLiveSecurity
Tags
cmtmf-attack-pattern: Process Injection; Resource Hijacking
country: Laos; Peru
attack-pattern: Data; Binary Padding - T1027.001; Botnet - T1583.005; Botnet - T1584.005; Data From Local System - T1533; Dns - T1071.004; Dns - T1590.002; Domains - T1583.001; Domains - T1584.001; Dynamic Dns - T1311; Dynamic Dns - T1333; Replication Through Removable Media - T1458; File And Directory Permissions Modification - T1222; File Deletion - T1070.004; File Deletion - T1630.002; Hardware - T1592.001; Hidden Files And Directories - T1564.001; Hooking - T1617; Ip Addresses - T1590.005; Malware - T1587.001; Malware - T1588.001; Process Discovery - T1424; Process Hollowing - T1055.012; Process Injection - T1631; Registry Run Keys / Startup Folder - T1547.001; Resource Hijacking - T1496; Rundll32 - T1218.011; Scheduled Task - T1053.005; Security Software Discovery - T1418.001; Security Software Discovery - T1518.001; Server - T1583.004; Server - T1584.004; Software - T1592.002; Software Packing - T1027.002; Software Packing - T1406.002; Stored Data Manipulation - T1565.001; Stored Data Manipulation - T1492; Visual Basic - T1059.005; Web Service - T1481; Tool - T1588.002; Binary Padding - T1009; Connection Proxy - T1090; Custom Command And Control Protocol - T1094; Data From Local System - T1005; Deobfuscate/Decode Files Or Information - T1140; Execution Through Api - T1106; Execution Through Module Load - T1129; Fallback Channels - T1008; File Deletion - T1107; Hidden Files And Directories - T1158; Hooking - T1179; Process Discovery - T1057; Process Hollowing - T1093; Process Injection - T1055; Registry Run Keys / Start Folder - T1060; Replication Through Removable Media - T1091; Rundll32 - T1085; Scheduled Task - T1053; Scripting - T1064; Security Software Discovery - T1063; Software Packing - T1045; Uncommonly Used Port - T1065; Web Service - T1102; Execution Through Api; Hooking; Replication Through Removable Media; Scripting
Common Information
Type Value
UUID e9b4ca49-a288-41e9-8bb2-6dc6181270ac
Fingerprint a6878951a5bf3781
Analysis status DONE
Considered CTI value 2
Text language
Published April 23, 2020, 11:30 a.m.
Added to db June 15, 2023, 11:01 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Following ESET’s discovery, a Monero mining botnet is disrupted
Title Following ESET’s discovery, a Monero mining botnet is disrupted | WeLiveSecurity
Detected Hints/Tags/Attributes 122/3/85
Attributes