Cryptojacking Attack Campaign Against Apache Web Servers Using Cobalt Strike [Wednesday, November 22, 2023]


Description :
AhnLab Security Emergency Response Center (ASEC), a South Korea-based security agency, has identified an attack on poorly managed web servers.

Published :
2023-11-22T15:01:17.217Z

Created :
2023-11-22T15:01:17.217Z

Modified :
2023-11-22T15:28:08.922Z

Tags

  • xmrig
  • gh0st rat
  • cobalt strike
  • apache web server

Indicators

Attack Patterns :
  • T1496
  • T1105
  • T1203
About the author
Julien B.

Securitricks