2017-12-12 - NGAY CAMPAIGN RIG EK PUSHES QUANT LOADER & MONERO CPU MINER

ASSOCIATED FILES:

NOTES:

Shown above:  Flow chart for today's infection.
WEB TRAFFIC BLOCK LIST

Indicators are not a block list.  If you feel the need to block web traffic, I suggest the following URLs:
TRAFFIC

Shown above:  Traffic from an infection filtered in Wireshark.
Shown above:  Traffic caused by the Monero (XMR) CPU miner.
FIRST RUN (NO POST-INFECTION TRAFFIC):

SECOND RUN:
MALWARE AND ARTIFACTS

ARTIFACTS FROM AN INFECTED WINDOWS HOST:
IMAGES

Shown above:  Quant Loader persistent on the infected Windows host.
Shown above:  Monero (XMR) CPU miner persistent on the infected Windows host.
FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.