GhostMiner: Cryptomining Malware Goes Fileless
Common Information
Type Value
UUID fcca8d8f-05b8-4bc5-9b6e-9b8bbadc77e9
Fingerprint a6a189b80c4716df
Analysis status DONE
Considered CTI value 2
Text language
Published July 21, 2022, 2:07 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 4:49 p.m.
Headline GhostMiner: Cryptomining Malware Goes Fileless
Title GhostMiner: Cryptomining Malware Goes Fileless
Detected Hints/Tags/Attributes 46/1/12
Attributes
Type #Events CTI Value
CVE 81 cve-2017-10271
Domain 99 qq.com
Domain 1 www.minexmr.com
File 1 wmi64.ps1
File 1 wmi.ps1
File 1 neutrino.ps1
sha256 1 4b9ce06c6dc82947e888e919c3b8108886f70e5d80a3b601cc6eb3752a1069a1
sha256 1 9a326afeeb2ba80de356992ec72beeab28e4c11966b28a16356b43a397d132e8
sha256 1 40a507a88ba03b9da3de235c9c0afdfcf7a0473c8704cbb26e16b1b782becd4d
sha256 1 8a2bdea733ef3482e8d8f335e6a4e75c690e599a218a392ebac6fcb7c8709b52
IPv4 1 123.59.68.172
Url 1 http://www.minexmr.com