Advisory 1

TLP Rating: Clear

CERT Vanuatu and the Office of the Chief Information Officer (OGCIO) have identified the following threat:

  1. Trojan Malware: A Trojan malware variant targeting bitcoin mining and online payment transaction events.

What systems are affected?

Windows systems and networks are affected. The detection is a generic one for this Trojan family, so individual samples detected under it may vary in behaviour.

This malware may drop any of the following file(s):

%AppData%\microsoft\windows\crashreports.exe : This file is a copy of the original malware itself.
%AppData%\[Random]\[Random].exe : This file is a copy of the original malware itself.
%StartUp%\714c2730d6f1a7048d26ffd05f86cd65.exe : This file is a non-malicious .NET Assembly Registration Utility.
%SystemDrive%\[Random]\[Random].exe : This file is a copy of the original malware itself.
%Temp%\0.exe : This file is non-malicious.
%Temp%\ciwinup.exe : This file is a copy of the original malware itself.
%Temp%\[Random].exe : This file is a copy of the original malware itself.

This malware may connect to any of the following remote site(s):

eduboyserver4{Removed}.punkdns.top
logger98{Removed}.cf
hxxp://logger98{Removed}.cf/wp-content/Panel/five/fre.php

Some instances of this malware may have Injector capabilities.
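The following PowerShell script is an added example, not part of the advisory, that checks a Windows host for the dropped files and remote sites listed above. It assumes the `%...%` placeholders resolve to the usual per-user folders, and that the [Random]-named files sit directly under those folders; since the advisory states every copy is the same binary, it finds them by hash once a fixed-name copy is present.

```powershell
# Added example (not from the advisory): hunt a Windows host for the artifacts this advisory lists.
# Run from an elevated PowerShell prompt. Assumption: %AppData%, %StartUp%, %Temp% and %SystemDrive%
# map to the environment/shell folders below, and [Random] copies sit at most one level deep.

$startup = [Environment]::GetFolderPath('Startup')

# Fixed-name artifacts. Per the advisory, the first two are copies of the malware itself and the
# last two are non-malicious helpers, so only the first two are used as hash references below.
$copies  = @((Join-Path $env:APPDATA 'microsoft\windows\crashreports.exe'),
             (Join-Path $env:TEMP 'ciwinup.exe'))
$helpers = @((Join-Path $startup '714c2730d6f1a7048d26ffd05f86cd65.exe'),
             (Join-Path $env:TEMP '0.exe'))

$knownHashes = @{}
foreach ($p in $copies + $helpers) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { continue }
    $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
    Write-Output ("FOUND   {0}  SHA256={1}" -f $p, $hash)
    if ($copies -contains $p) { $knownHashes[$hash] = $p }
}

# [Random]-named copies cannot be found by name, but every copy is the same binary, so any .exe
# in the placeholder locations whose SHA256 matches a found copy is reported as a match.
if ($knownHashes.Count -gt 0) {
    $roots = @($env:TEMP, $env:APPDATA, ($env:SystemDrive + '\'))
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Filter '*.exe' -File -Recurse -Depth 1 -ErrorAction SilentlyContinue |
            ForEach-Object {
                $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                if ($knownHashes.ContainsKey($h)) {
                    Write-Output ("MATCH   {0}  same SHA256 as {1}" -f $_.FullName, $knownHashes[$h])
                }
            }
    }
} else {
    Write-Output "No fixed-name copy present; hash search for [Random]-named copies skipped."
}

# DNS client cache entries for the advisory's remote sites. The middle of each name is redacted in
# the advisory ({Removed}), so only the published prefix and suffix are matched.
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -like 'eduboyserver4*.punkdns.top' -or $_.Entry -like 'logger98*.cf' } |
    ForEach-Object { Write-Output ("DNS     {0} -> {1}" -f $_.Entry, $_.Data) }
```

A FOUND or MATCH line warrants the clean-up steps in the Mitigation Process below; the two helper files are reported because their presence in these locations is itself an indicator, even though the advisory rates them non-malicious.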

What does this mean?

Each instance of this malware includes a dropper, and some instances also have injector capabilities that they use to infect systems.

Mitigation Process

  1. Update antivirus (AV) databases, then scan and clean systems and registries.
  2. Update computer systems with the latest available updates.
  3. Update hardware firmware.
  4. Strengthen firewall and proxy rules and policies to filter out known attack behaviours.
  5. Block known malicious (source) IP ranges.