From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer
June 27, 2024, 9:26 a.m.
Description
P2Pinfect is a sophisticated malware family that uses a peer-to-peer botnet for command and control. Although it initially appeared dormant, it has since evolved to deploy ransomware and cryptominer payloads. The malware spreads by exploiting exposed Redis servers and, to a more limited extent, SSH. A recent update introduced a new ransomware payload that encrypts files with specific extensions, while a cryptominer consumes the host's system resources. Additionally, a usermode rootkit component attempts to hide the malicious processes, although its effectiveness is limited by the permissions obtained during initial access.
Date
Published: June 27, 2024, 8:14 a.m.
Created: June 27, 2024, 8:14 a.m.
Modified: June 27, 2024, 9:26 a.m.
Indicators
9b74bfec39e2fcd8dd6dda6c02e1f1f8e64c10da2e06b6e09ccbe6234a828acb
8a29238ef597df9c34411e3524109546894b3cca67c2690f63c4fb53a433f4e3
4f949750575d7970c20e009da115171d28f1c96b8b6a6e2623580fa8be1753d9
2c8a37285804151fb727ee0ddc63e4aec54d9460b8b23505557467284f953e4b
129.144.180.26
88.198.117.174
195.201.97.156
159.69.83.232
http://88.198.117.174:19999
http://195.201.97.156:19999
http://159.69.83.232:19999
http://129.144.180.26:60107/dl/rsagen
http://129.144.180.26:60107
randbnothing@tutanota.com
besttrcovery@firemail.cc
Attack Patterns
rsagen
P2Pinfect
T1583
T1505
T1486
T1496
T1562