  • T5-24-01-S-E-LM
  • Cryptojacking (XMRig Miner)

    XMRig is an open-source cryptocurrency miner. In a cryptojacking attack it uses the resources of an infected PC to mine cryptocurrency for the attacker's financial gain. Infected PCs may suffer degraded performance because the miner runs without the user intending it.

    1. Communicate with the C&C server via script
    2. Download and run XMRig Miner
    3. Mine cryptocurrency using PC resources
  • Host      OS              IP         Software  Log collection time  Program runtime
    Attacker  -               -          -         22 sec               80 sec
    Victim    Ubuntu 20.04.1  10.0.2.15  -

  • Installing
  • python3 -m pip install -r requirements.txt

  • Using
  • python3 run.py

  • MITRE ATT&CK Framework
  • Attack Tactic
    Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion,
    Credential, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact

  • Logs
  • ./log/2024_01_T5_{time}.log # YYmmdd_HHMMSS


  • References
  • [1] XMRig [https://xmrig.com/]
    [2] VirusTotal [ed8fe6eb98c8a487c631dee11ddbe11c322e446666280f7b97844d259fdb10f5]

  • Copyright(C) 2024, KAIST Cyber Security Research Center. All Rights Reserved.