
SIEM agent being used in SilentCryptoMiner attacks

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A global malware campaign targeting mainly Russian-speaking users has been distributing cryptocurrency mining malware through fake software download sites, Telegram channels, and YouTube videos. The multi-stage infection chain uses unusual techniques for persistence and evasion, including hiding malicious payloads in legitimate file signatures and abusing the Wazuh SIEM agent as a backdoor. The final payload injects the SilentCryptoMiner into explorer.exe to mine cryptocurrencies like Monero. The attackers use SEO poisoning, social engineering, and multiple persistence mechanisms to maintain access. While primarily focused on cryptomining, some variants can also steal cryptocurrency wallet addresses and take screenshots.

OPENCTI LABELS:

cryptomining, seo poisoning, autoit, persistence, defense evasion, silentcryptominer, siem

