- IOCs
  - C2 IP Address:
    - 123[.]59[.]68[.]172
  - Hashes (SHA-256)
    - Neutrino.ps1:
      - 4b9ce06c6dc82947e888e919c3b8108886f70e5d80a3b601cc6eb3752a1069a1
      - 9a326afeeb2ba80de356992ec72beeab28e4c11966b28a16356b43a397d132e8
    - WMI.ps1:
      - 40a507a88ba03b9da3de235c9c0afdfcf7a0473c8704cbb26e16b1b782becd4d
    - WMI64.ps1:
      - 8a2bdea733ef3482e8d8f335e6a4e75c690e599a218a392ebac6fcb7c8709b52
  - Associated Monero address:
    - 43ZSpXdMerQGerimDrUviDN6qP3vkwnkZY1vvzTV22AbLW1oCCBDstNjXqrT3anyZ22j7DEE74GkbVcQFyH2nNiC3fchGfc
- "Killer" script:
  - Service names
    - xWinWpdSrv
    - SVSHost
    - Microsoft Telemetry
    - lsass
    - Microsoft
    - system
    - Oracleupdate
    - CLR
    - sysmgt
    - gm
    - WmdnPnSN
    - Sougoudl
    - Nationaaal
    - Natimmonal
    - Nationaloll
  - Task names
    - Mysa
    - Mysa1
    - Mysa2
    - Mysa3
    - ok
    - Oracle Java
    - Oracle Java Update
    - Microsoft Telemetry
    - Spooler SubSystem Service
    - Oracle Products Reporter
    - Update service for products
    - gm
    - ngm
  - Process names
    - msinfo
    - xmrig*
    - minerd
    - MinerGate
    - Carbon
    - yamm1
    - upgeade
    - auto-upgeade
    - svshost
    - SystemIIS
    - SystemIISSec
    - WindowsUpdater*
    - WindowsDefender*
    - update
    - carss
    - service
    - csrsc
    - cara
    - javaupd
    - gxdrv
    - lsmosee
  - Miner related server side TCP ports
    - 1111
    - 2222
    - 3333
    - 4444
    - 5555
    - 6666
    - 7777
    - 8888
    - 9999
    - 14433
    - 14444
    - 45560
    - 65333
    - 55335
  - Miner related command line arguments
    - *cryptonight*
    - *stratum+*
    - *--donate-level*
    - *--max-cpu-usage*
    - *-p x*
    - *pool.electroneum.hashvault