Mining Gang's New Tool: k4spreader
WHITE 8220 Mining Gang AlienVault 2024-07-02 Modified: 2024-08-01
Qianxin describes the discovery and analysis of k4spreader, a new malware installer and spreader tool developed by the 8220 mining gang. k4spreader is written in cgo and implements system persistence, self-updating, and the release of other malware such as the Tsunami botnet and the PwnRig miner. The tool is still in early development, with three versions observed so far.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
k4spreader Tsunami PwnRig
Indicators of Compromise (9 / 49 total)