Trojan:Win64/XMRigMiner
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:34
- Modified
- 20/12/2025 21:23
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 14 attack patterns (mitre), 12 indicators, 3 vulnerabilities (cve), 1 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (14)
-
T1053 usesScheduled Task/Job MITRE
-
T1210 usesExploitation of Remote Services MITRE
-
T1134 usesAccess Token Manipulation MITRE
-
T1190 usesExploit Public-Facing Application MITRE
-
T1112 usesModify Registry MITRE
-
T1562 usesImpair Defenses MITRE
-
T1564 usesHide Artifacts MITRE
-
T1136 usesCreate Account MITRE
-
T1546 usesEvent Triggered Execution MITRE
-
T1078 usesValid Accounts MITRE
-
T1110 usesBrute Force MITRE
-
T1027 usesObfuscated Files or Information MITRE
Indicators (12)
-
proxies.identitynetwork.topindicatesstix 100/100 Revoked· Valid until 13/09/2025 · Source: AlienVault -
stix 100/100 Revoked· Valid until 17/10/2023 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 17/10/2023 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 17/10/2023 · Source: AlienVault
-
85894b2bfe350962faeed8a5eab34593f74eb1b3indicatesyara 100/100 Revokedfiles - file smss.exe.bin
· Valid until 17/10/2023 · Source: AlienVault -
7b4bf9db4e8e6f8216d65457fdae6ed7497b7602indicatesyara 100/100 Revokedfiles - file ex.exe.bin
· Valid until 17/10/2023 · Source: AlienVault -
WinRing0x64_sysindicatesyara 100/100 RevokedWinRing0x64_sys files - file WinRing0x64.sys.bin
· Valid until 17/10/2023 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 4f19b6970e35b3d20f84a91e3af0d82c68096710 SHA256 of 4f19b6970e35b3d20f84a91e3af0d82c68096710
· Valid until 17/10/2023 · Source: AlienVault -
838b6da59df959660b6ef3cbff1a4171752eb974indicatesyara 100/100 Revokedfile kit.bat
· Valid until 17/10/2023 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of d25340ae8e92a6d29f599fef426a2bc1b5217299
· Valid until 20/02/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 17/10/2023 · Source: AlienVault
Vulnerabilities (CVE) (3)
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …
- Attack vector
- Network
- Published
- 12/04/2024
- Modified
- 21/12/2025
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
Reports (1)
-
3 CVEs 3 MITREs 2 Malwares 10 Observables