Bondat Worm Struck Again! Built Botnets for Mining Cryptocurrency and Attacking WordPress | 360 Total Security Blog
Tags
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID f97a3425-b9e7-48c6-b327-8da6556766bc
Fingerprint b5093591a03827c9
Analysis status DONE
Considered CTI value 0
Text language
Published June 11, 2018, 8:32 a.m.
Added to db Jan. 18, 2023, 8:09 p.m.
Last updated Nov. 17, 2024, 12:58 p.m.
Headline Blog
Title Bondat Worm Struck Again! Built Botnets for Mining Cryptocurrency and Attacking WordPress | 360 Total Security Blog
Detected Hints/Tags/Attributes 45/1/18
Source URLs
Redirection Url
Details Source https://blog.360totalsecurity.com/en/bondat-worm-struck-again-built-botnets-for-mining-cryptocurrency-and-attacking-wordpress/
URL Provider
Details Provider Source level domain
Details 360totalsecurity.com blog.360totalsecurity.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
bellsyscdn.com
Details Domain 1 
urchintelemetry.com
Details Domain 1 
xmrmsft.com
Details Domain 1 
php.zip
Details Domain 3 
get.zip
Details File 1 
hive.html
Details File 1 
drive.bat
Details File 13 
setup.php
Details File 1 
put.php
Details File 1 
php.zip
Details File 3 
get.zip
Details IPv4 1 
5.8.52.136
Details IPv4 1 
95.153.31.18
Details IPv4 1 
95.153.31.22
Details Url 1 
https://xmrmsft.com/hive.html
Details Url 1 
http://5.8.52.136/setup.php
Details Url 1 
http://5.8.52.136/put.php
Details Url 1 
http://5.8.52.136/php.zip