Closed summercms closed 2 years ago
Do you have an example of a cryptojacked site, or one where it is embedded unbeknownst to the user?
@smed79 @hoshsadiq
You can read the technical paper here: http://blog.talosintelligence.com/2022/08/dark-utilities.html
dark-utilities.xyz
dark-utilities.pw
dark-utilities.me
ijfcm7bu6ocerxsfq56ka3dtdanunyp4ytwk745b54agtravj2wr2qqd.onion.pet
bafybeidravcab5p3acvthxtwosm4rfpl4yypwwm52s7sazgxaezfzn5xn4.ipfs.infura-ipfs.io
Website with example
https://github.com/Cisco-Talos/IOCs/blob/main/2022/08/dark-utilities.txt
Domain causing the CPU spike
Screenshot
Dark Utilities emerged in early 2022 and offers full-blown C2 capabilities both on the Tor network and on the clear web. It hosts payloads in the Interplanetary File System (IPFS - https://ipfs.tech/), a decentralized network system for storing and sharing data. The administrative panel comes with multiple modules for various types of attack, including distributed denial-of-service (DDoS) and cryptojacking.