TT Malware Log

A "personal" investigation and research log on malware / cyber attacks / analysis techniques

Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner

Infector code showing Coinhive injection; another variant even contains its own XMR configuration and miner binary
An infected script attempting to load onto web browser, with CPU usage shown.
Source: https://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-xiaoba-repurposed-as-file-infector-and-cryptocurrency-miner/


【Blog】

Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner (Trendmicro, 2018/04/17 06:39)
https://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-xiaoba-repurposed-as-file-infector-and-cryptocurrency-miner/


【Indicator Information】

■ Hash information (SHA256)


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2019