MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

add GhostMiner

Browse source
This commit is contained in:
Deborah Servili 2018-10-22 14:46:44 +02:00
parent bd68ee280e
commit 32d90a27e1
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
clusters/tool.json
View file

@ -7361,7 +7361,17 @@
},
"uuid": "d93894ee-d5d7-11e8-b360-572c0c441c8f",
"value": "NAMEDPIPETOUCH"
},
{
"description": "GhostMiner is a new cryptocurrency mining malware. By the end of March 2018, a new variant of mining malware was detected targeting MSSQL, phpMyAdmin, and Oracle WebLogic servers. The sample uses Powershell to execute code with volatile resources and scans the server's processes to detect and stop other miners that might have been running prior to execution.\nThe fileless malware has become more popular in the last years. The malicious code runs directly in main memory without writing any file on disk, where an antivirus engine could detect it.",
"meta": {
"refs": [
"https://www.alienvault.com/forums/discussion/17301/alienvault-labs-threat-intelligence-update-for-usm-anywhere-march-25-march-31-2018"
]
},
"uuid": "0a339826-d5f8-11e8-b520-5b93fe65a08e",
"value": "GhostMiner"
}
],
"version": 96
"version": 97
}