
Craft CMS Flaw Exploited to Deploy Monero Miner and Proxyware

Attackers exploited a critical remote code execution flaw in Craft CMS (CVE-2025-32432) to deploy a web shell, then installed the XMRig Monero miner and IPRoyal proxyware. The intrusion used a UPX-packed Go loader, "4l4md4r", and an LD_PRELOAD hook (alamdar.so) for stealth. Compromised systems were monetized through cryptomining and bandwidth resale. Multiple IoCs have been identified and are listed below.
🏷️ Hashtags:
#CraftCMS #CVE202532432 #XMRig #IPRoyal #WebShell #CryptoMiner #Proxyware #CyberSecurity #RCE #InfoSec #IoCs #LinuxSecurity #CyberThreats #Malware #GoLoader #UPX #MoneroMining

🛡️ Indicators of Compromise (IoCs)
Type | Indicator | Description
File hash (SHA-256) | 1aa4d88a38f5a27a60cfc6d6995f065da074ee340789ed00ddc29abc29ea671e | IPRoyal malware
File hash (SHA-256) | 3a71680ffb4264e07da4aaca16a3f8831b9a30d444215268e82b2125a98b94aa | XMRig miner
File hash (SHA-256) | fc04f1ef05847607bce3b0ac3710c80c5ae238dcc7fd842cd15e252c18dd7a62 | alamdar.sh script
File hash (SHA-256) | 7868cb82440632cc4fd7a451a351c137a39e1495c84172a17894daf1d108ee9a | alamdar.so library
File hash (SHA-256) | 2e46816450ad1b4baa85e2a279031f37608657be93e1095238e2b6c36bbb3fd5 | Go loader
URL (defanged) | hxxp://15.188.246[.]198/alamdar.so | Malicious download URL
Monero wallet | 46HmQz11t8uN84P8xgThrQXSYm434VC7hhNR8be4QrGtM1Wa4cDH2GkJ2NNXZ6Dr4bYg6phNjHKYJ1QfpZRBFYW5V6qnRJN | Cryptomining wallet
Email (defanged) | 4l4md4r[@]proton.me | Linked to the IPRoyal account
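The following triage script is an added example, not code from the video, the Secure Thread channel, or any vendor report. It sweeps a Linux host for the indicators in the table above: it hashes files under a directory against the SHA-256 list, checks /etc/ld.so.preload and each process's LD_PRELOAD for the alamdar.so hook described in the summary, and greps process command lines for the wallet and the download host (the host string is un-defanged in the code so it can match real data). The "KNOWN BAD" / "review" labels, the default scan directory /tmp, and the function names are this example's own choices; the page does not say where the loader dropped its files, so pass the web root and other writable directories yourself.

```python
#!/usr/bin/env python3
"""Host triage for the Craft CMS / XMRig / IPRoyal indicators (added example)."""
import hashlib
import os
from pathlib import Path

# SHA-256 hashes from the IoC table.
IOC_HASHES = {
    "1aa4d88a38f5a27a60cfc6d6995f065da074ee340789ed00ddc29abc29ea671e": "IPRoyal malware",
    "3a71680ffb4264e07da4aaca16a3f8831b9a30d444215268e82b2125a98b94aa": "XMRig miner",
    "fc04f1ef05847607bce3b0ac3710c80c5ae238dcc7fd842cd15e252c18dd7a62": "alamdar.sh script",
    "7868cb82440632cc4fd7a451a351c137a39e1495c84172a17894daf1d108ee9a": "alamdar.so library",
    "2e46816450ad1b4baa85e2a279031f37608657be93e1095238e2b6c36bbb3fd5": "Go loader",
}
# String indicators: the wallet and the (un-defanged) download host.
IOC_STRINGS = {
    "46HmQz11t8uN84P8xgThrQXSYm434VC7hhNR8be4QrGtM1Wa4cDH2GkJ2NNXZ6Dr4bYg6phNjHKYJ1QfpZRBFYW5V6qnRJN": "Monero wallet",
    "15.188.246.198": "download host",
}
KNOWN_BAD_LIB = "alamdar.so"  # library named in the IoC table


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large binaries stay out of memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_matches(root, hashes=IOC_HASHES):
    """(path, description) for every regular file under root whose hash is in `hashes`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha256_file(p)
            except OSError:
                continue  # unreadable file; keep sweeping
            if digest in hashes:
                hits.append((str(p), hashes[digest]))
    return hits


def string_matches(text, source):
    """(source, description) for each string indicator present in text."""
    return [(source, desc) for ioc, desc in IOC_STRINGS.items() if ioc in text]


def preload_findings(ld_so_preload_text, environ):
    """Flag preload hooks. Any uncommented line in /etc/ld.so.preload or a set
    LD_PRELOAD deserves review on a server; alamdar.so is the known-bad library."""
    findings = []
    if ld_so_preload_text:
        for line in ld_so_preload_text.splitlines():
            line = line.strip()
            if line and not line.startswith("#"):
                tag = "KNOWN BAD" if KNOWN_BAD_LIB in line else "review"
                findings.append(f"/etc/ld.so.preload [{tag}]: {line}")
    val = environ.get("LD_PRELOAD")
    if val:
        tag = "KNOWN BAD" if KNOWN_BAD_LIB in val else "review"
        findings.append(f"LD_PRELOAD [{tag}]: {val}")
    return findings


def _nul_split(data):
    """Split the NUL-separated /proc cmdline and environ formats."""
    return [s for s in data.decode("utf-8", "replace").split("\0") if s]


def scan_proc(proc_root="/proc"):
    """Check every process's cmdline for string IoCs and its environ for LD_PRELOAD."""
    findings = []
    for entry in sorted(Path(proc_root).iterdir()):
        if not entry.name.isdigit():
            continue
        try:
            cmdline = " ".join(_nul_split((entry / "cmdline").read_bytes()))
            env_items = _nul_split((entry / "environ").read_bytes())
        except OSError:
            continue  # process exited, or environ is unreadable without root
        environ = dict(item.split("=", 1) for item in env_items if "=" in item)
        findings += [f"{src}: {desc}" for src, desc in string_matches(cmdline, f"pid {entry.name} cmdline")]
        findings += [f"pid {entry.name} {f}" for f in preload_findings(None, environ)]
    return findings


def triage(root="/tmp", proc_root="/proc", ld_so_preload="/etc/ld.so.preload"):
    """Full sweep: file hashes under root, the system preload file, live processes."""
    report = [f"{path}: {desc}" for path, desc in hash_matches(root)]
    try:
        text = Path(ld_so_preload).read_text()
    except OSError:
        text = None  # absent on a clean host
    report += preload_findings(text, dict(os.environ))
    report += scan_proc(proc_root)
    return report


if __name__ == "__main__":
    import sys
    for line in triage(sys.argv[1] if len(sys.argv) > 1 else "/tmp"):
        print(line)
```

Run it as root so /proc/<pid>/environ is readable for every process; an empty report from a user account is not a clean bill of health. The hash check only catches unmodified samples, so treat the LD_PRELOAD and wallet checks as the durable part: a preload entry on a web server is abnormal regardless of the library name, and a miner's pool and wallet usually sit right on its command line.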

Video "Craft CMS Flaw Exploited to Deploy Monero Miner and Proxyware" from the Secure Thread channel