
KingMiner (a9467439-48d8-4f68-9519-560bb6430f0c)

A recently discovered cryptomining operation forces its way into Windows servers to use their CPU cycles for mining Monero coins. Detected six months ago, the activity has gone through multiple stages of evolution. Since it was spotted in mid-June, the malware has received two updates, and the number of attacks keeps increasing. The researchers at Check Point analyzed the new threat and gave it the name KingMiner. They found that it targets Microsoft IIS and SQL Servers in particular and runs a brute-force attack to gain access. Once in, the malware determines the CPU architecture and checks for older versions of itself to remove them.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Kingminer (04d95343-fd44-471d-bfe7-908994a98ea7) | Malpedia | KingMiner (a9467439-48d8-4f68-9519-560bb6430f0c) | Tool | 1 |