Pulse name: Mining Gang's New Tool: k4spreader
WHITE 8220 Mining Gang AlienVault 2024-07-02 Modified: 2024-08-01
49 IOCs, medium volume
QiAnXin describes the discovery and analysis of k4spreader, a new malware installer and spreader tool developed by the 8220 mining gang. k4spreader is written in cgo and implements system persistence, self-updating, and the release of other malware such as the Tsunami botnet and the PwnRig miner. The tool is still in early development, with three versions observed so far.
MITRE ATT&CK & Malware Families
Malware families: k4spreader, Tsunami, PwnRig
Indicators of Compromise (8 / 49 total)