chartingshow / crypto-firewall

🎁 Blocks browser-based crypto mining, cryptojacking, banking and crypto malware, phishing websites and apps, and hackers' command-and-control (C2) servers.
GNU General Public License v3.0

Block `GuptiMiner` malware and cryptojacking miner #494

Closed summercms closed 4 months ago

summercms commented 5 months ago

Enhancement idea

Description

GuptiMiner is a highly sophisticated threat that uses an interesting infection chain along with a couple of techniques that include performing DNS requests to the attacker’s DNS servers, performing sideloading, extracting payloads from innocent-looking images, signing its payloads with a custom trusted root anchor certification authority, among others.

GuptiMiner also distributes XMRig Monero miner on the infected devices, which is a bit unexpected for such a thought-through operation.

Links

https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/

https://github.com/avast/ioc/tree/master/GuptiMiner

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains


IPs

n/a

ASNs

n/a

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a