From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer

June 27, 2024, 9:26 a.m.

Description

P2Pinfect is a sophisticated malware family that uses a peer-to-peer botnet for command and control. Although it initially appeared dormant, it has since evolved to deploy ransomware and cryptominer payloads. The malware spreads primarily by exploiting Redis, with a more limited capability to spread over SSH. A recent update introduced a new ransomware payload that encrypts files with specific extensions, while a cryptominer payload consumes system resources. A usermode rootkit component also attempts to hide the malicious processes, although its effectiveness is limited by the permissions obtained at initial access.

Date

Published: June 27, 2024, 8:14 a.m.
Created: June 27, 2024, 8:14 a.m.
Modified: June 27, 2024, 9:26 a.m.

Indicators

Attack Patterns

rsagen

P2Pinfect

T1583

T1505

T1486

T1496

T1562