Загрузка...

IOCs | Craft CMS Flaw Exploited to Deploy Monero Miner and Proxyware

Hackers exploited a critical RCE flaw (CVE-2025-32432) in Craft CMS to deploy a webshell, install XMRig Monero miner, and IPRoyal proxyware. The attack used a UPX-packed Go loader, “4l4md4r,” and LDPRELOAD with alamdar.so for stealth. Compromised systems were monetized via cryptomining and bandwidth resale. Multiple IoCs have been identified.
Hashtags:
#CraftCMS #CVE202532432 #XMRig #IPRoyal #WebShell #CryptoMiner #Proxyware #CyberSecurity #RCE #InfoSec #IoCs #LinuxSecurity #CyberThreats #Malware #GoLoader #UPX #MoneroMining

Indicators of Compromise (IoCs)
Type Indicator Description
File Hash 1aa4d88a38f5a27a60cfc6d6995f065da074ee340789ed00ddc29abc29ea671e IPRoyal Malware
File Hash 3a71680ffb4264e07da4aaca16a3f8831b9a30d444215268e82b2125a98b94aa XMRig Miner
File Hash fc04f1ef05847607bce3b0ac3710c80c5ae238dcc7fd842cd15e252c18dd7a62 alamdar.sh Script
File Hash 7868cb82440632cc4fd7a451a351c137a39e1495c84172a17894daf1d108ee9a alamdar.so Library
File Hash 2e46816450ad1b4baa85e2a279031f37608657be93e1095238e2b6c36bbb3fd5 Go Loader
URL hxxp://15.188.246[.]198/alamdar.so Malicious Download URL
Monero Wallet 46HmQz11t8uN84P8xgThrQXSYm434VC7hhNR8be4QrGtM1Wa4cDH2GkJ2NNXZ6Dr4bYg6phNjHKYJ1QfpZRBFYW5V6qnRJN Cryptomining Wallet
Email 4l4md4r[@]proton.me Linked to IPRoyal Account

Видео IOCs | Craft CMS Flaw Exploited to Deploy Monero Miner and Proxyware канала Secure Thread
Комментарии отсутствуют
Зарегистрируйтесь или войдите с
Информация о видео
28 мая 2025 г. 20:30:33
00:00:15
Secure Thread
Правообладателям
Жалоба на материал Недопустимый материал Нарушение авторских прав
Комментарии
Поделиться
Другие видео канала

Midnight Blizzard Targets Microsoft Execs with Password SprayMidnight Blizzard Targets Microsoft Execs with Password Spray

Microsoft June 2025 Patch Tuesday Fixes 67 Vulnerabilities Including WebDAV Zero-Day and SMB ClientMicrosoft June 2025 Patch Tuesday Fixes 67 Vulnerabilities Including WebDAV Zero-Day and SMB Client

Spain & Latin America hit by banking trojan | SecureThread ShortsSpain & Latin America hit by banking trojan | SecureThread Shorts

Hackers Exploit Multiple Techniques to Bypass Fingerprint Scanners and Steal IdentitiesHackers Exploit Multiple Techniques to Bypass Fingerprint Scanners and Steal Identities

Legends International Hit by Data BreachLegends International Hit by Data Breach

KEA Portal Clone Scams Students with Fake Medical Expo and Counselling SchemeKEA Portal Clone Scams Students with Fake Medical Expo and Counselling Scheme

China’s Mustang Panda Upgrades Malware Arsenal in 2025China’s Mustang Panda Upgrades Malware Arsenal in 2025

Medusa Ransomware Surges After Adopting RaaS Model | FBI & CISA Issue Warning | SecureThread ShortsMedusa Ransomware Surges After Adopting RaaS Model | FBI & CISA Issue Warning | SecureThread Shorts

Global Crackdown Slashes Darknet and Fraud Shop RevenuesGlobal Crackdown Slashes Darknet and Fraud Shop Revenues

Student Scam Alert: Fake Internships Targeting Miami University!Student Scam Alert: Fake Internships Targeting Miami University!

Bank Scam Alert: Frankenmuth Credit Union Impersonated | SecureThread ShortsBank Scam Alert: Frankenmuth Credit Union Impersonated | SecureThread Shorts

Pakistani Hackers take Over a Nursing College Website and shared Disturbing ImagesPakistani Hackers take Over a Nursing College Website and shared Disturbing Images

AI-Driven API Attacks Explode: 150 Billion in 2024AI-Driven API Attacks Explode: 150 Billion in 2024

Chinese Hackers Exploit Ivanti Zero-Days to Target French Government, Defense, and Media EntitiesChinese Hackers Exploit Ivanti Zero-Days to Target French Government, Defense, and Media Entities

Play Ransomware Group Exploits Windows 0-Day CVE-2025-29824Play Ransomware Group Exploits Windows 0-Day CVE-2025-29824

DarkEngine Campaign Compromises 2,353 WordPress Sites with Fake CAPTCHA MalwareDarkEngine Campaign Compromises 2,353 WordPress Sites with Fake CAPTCHA Malware

Sydney Uni Data Breach affects 10,000 Students | SecureThread ShortsSydney Uni Data Breach affects 10,000 Students | SecureThread Shorts

India | Seven Agents of Chinese Cyber Gang Arrested in Ranchi for APK-Based Banking Fraud SchemeIndia | Seven Agents of Chinese Cyber Gang Arrested in Ranchi for APK-Based Banking Fraud Scheme

Google Enhances Android 16 with Advanced Protection to Guard Against Spyware AttacksGoogle Enhances Android 16 with Advanced Protection to Guard Against Spyware Attacks

Toll Scam Texts Are BackToll Scam Texts Are Back

Steganography Analysis Reveals Hidden Malware in PNG File Using pngdump.pySteganography Analysis Reveals Hidden Malware in PNG File Using pngdump.py

Яндекс.Метрика
© 2008-2026 «Информационно-развлекательный портал города Верхняя Салда»
salda.ws@mail.ru salda_ws Контакты Карта портала Сообщить об ошибке Соглашения Пользовательское соглашение Соглашение о конфиденциальности Согласие на обработку персональных данных Информация для правообладателей Об использовании Cookies
Все заметки Новая заметка Страницу в заметки
Страницу в закладки Мои закладки
На информационно-развлекательном портале SALDA.WS применяются cookie-файлы. Нажимая кнопку Принять, вы подтверждаете свое согласие на их использование.
О CookiesНапомнить позжеПринять