SIEM agent being used in SilentCryptoMiner attacks
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A global malware campaign targeting mainly Russian-speaking users has been distributing cryptocurrency mining malware through fake software download sites, Telegram channels, and YouTube videos. The multi-stage infection chain uses unusual techniques for persistence and evasion, including hiding malicious payloads in legitimate file signatures and abusing the Wazuh SIEM agent as a backdoor. The final payload injects the SilentCryptoMiner into explorer.exe to mine cryptocurrencies like Monero. The attackers use SEO poisoning, social engineering, and multiple persistence mechanisms to maintain access. While primarily focused on cryptomining, some variants can also steal cryptocurrency wallet addresses and take screenshots.
OPENCTI LABELS :
cryptomining,seo poisoning,autoit,persistence,defense evasion,silentcryptominer,siem
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
SIEM agent being used in SilentCryptoMiner attacks