[x] Block GuptiMiner malware and cryptojacking miner.
Description
GuptiMiner is a sophisticated threat with an unusual multi-stage infection chain. Among other techniques, it performs DNS requests to attacker-controlled DNS servers, sideloads its components, extracts payloads from innocent-looking images, and signs its payloads with a certificate chained to its own custom root anchor certification authority.
GuptiMiner also drops the XMRig Monero miner on infected devices, which is somewhat unexpected for such a carefully planned operation.
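The description mentions that GuptiMiner talks to the attacker's own DNS servers. Blocklisting the domains is one control; a second, complementary one is to look at what comes back in DNS answers. The following is an added example, not code from this issue or from Avast's IOC repository, of a heuristic that flags TXT answers carrying long, high-entropy, base64-looking blobs, which is how staged payloads commonly ride on DNS. It assumes payloads travel in TXT records (the description does not say which record type is used), the hostnames and records are constructed samples rather than real IOCs, and the length and entropy thresholds are arbitrary starting points to tune against your own resolver logs.

```python
import base64
import binascii
import math
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample (name, TXT rdata) pairs. None of these are real GuptiMiner
# indicators; the ".invalid" names are hypothetical and the blob is synthetic.
SAMPLE_TXT_ANSWERS: List[Tuple[str, str]] = [
    ("example.com", "v=spf1 include:_spf.example.com -all"),
    ("_dmarc.example.com", "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
    # 512 pseudo-random-looking bytes, base64 encoded: what a staged payload
    # chunk delivered over DNS would look like.
    ("stage.update.invalid", base64.b64encode(bytes(range(256)) * 2).decode()),
    ("short.invalid", "hello"),
]

# Standard base64 alphabet with optional trailing padding. Note that legitimate
# DKIM records are also long base64, but they carry a "v=DKIM1; k=rsa; p=" prefix
# with spaces and semicolons, so they do not match this pattern.
B64_RE = re.compile(r"^[A-Za-z0-9+/]+=*$")


def shannon_entropy(s: str) -> float:
    """Bits per character. Base64 of random bytes approaches log2(64) = 6."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass
class Finding:
    name: str
    length: int
    entropy: float
    reason: str


def looks_like_encoded_payload(
    txt: str, min_len: int = 200, min_entropy: float = 4.5
) -> Optional[str]:
    """Return a reason string if the TXT rdata looks like an encoded payload, else None.

    Thresholds are assumptions: SPF/DMARC/verification records are short and
    contain punctuation; a staged binary chunk is long, alphabet-restricted and
    close to uniformly distributed.
    """
    if len(txt) < min_len:
        return None
    if not B64_RE.match(txt):
        return None
    entropy = shannon_entropy(txt)
    if entropy < min_entropy:
        return None
    try:
        # validate=True rejects stray characters and bad padding, which cuts
        # down on false positives from long but non-base64 strings.
        base64.b64decode(txt, validate=True)
    except (binascii.Error, ValueError):
        return None
    return f"long base64-like TXT rdata with entropy {entropy:.2f} bits/char"


def scan(answers: List[Tuple[str, str]]) -> List[Finding]:
    """Run the heuristic over (name, rdata) pairs, e.g. parsed from resolver logs."""
    findings = []
    for name, txt in answers:
        reason = looks_like_encoded_payload(txt)
        if reason:
            findings.append(Finding(name, len(txt), shannon_entropy(txt), reason))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_TXT_ANSWERS):
        print(f"{f.name}: {f.reason} (len={f.length})")
```

In practice you would feed `scan` with TXT answers parsed from resolver or passive-DNS logs and allow-list known long records (DKIM, some verification tokens) before alerting; the point of the heuristic is to surface domains that belong on a blocklist before an IOC feed names them.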
Enhancement idea
Block GuptiMiner malware and the XMRig cryptojacking miner it distributes.
Links
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
https://github.com/avast/ioc/tree/master/GuptiMiner
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URLs
n/a
Folders
n/a
Sub-Domains
n/a
Domains
IPs
n/a
ASNs
n/a
Emails
n/a
Wallet addresses
n/a
Mining pool addresses
n/a