Pulse: Mining Gang's New Tool: k4spreader
TLP:WHITE | Tag: 8220 Mining Gang | Author: AlienVault | Created: 2024-07-02 | Modified: 2024-08-01
49 IOCs
Qianxin describes the discovery and analysis of k4spreader, a new malware installer and spreader tool developed by the 8220 mining gang. k4spreader is written in cgo and implements system persistence, self-updating, and the dropping of other malware, including the Tsunami botnet and the PwnRig miner. The tool is still in early development, with three versions observed so far.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: k4spreader, Tsunami, PwnRig
Indicators of Compromise (49)