Sysrv-Hello Miner (also known as Sysrv, Sysrv-Hello) is a malware active since 2020. Cryptomining botnet. Key characteristics include: Go-based, multi-vulnerability exploitation, XMRig mining, worm propagation, Linux/Windows.
Overview & Background
Cryptomining botnet. First identified in 2020, this threat is attributed to eCrime.
Threat Assessment
Sysrv-Hello Miner remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this malware.
- Category: Malware
- Active since: 2020
- Attribution: eCrime
- Also known as: Sysrv, Sysrv-Hello
Technical Analysis
Sysrv-Hello Miner employs the following capabilities and techniques:
- Go-Based: Core functionality
- Multi-Vulnerability Exploitation: Core functionality
- Xmrig Mining: Core functionality
- Worm Propagation: Core functionality
- Linux/Windows: Core functionality
MITRE ATT&CK Mapping
| Tactic | Technique | Usage |
|---|---|---|
| Initial Access | T1566.001 Phishing Attachment | Common delivery vector |
| Execution | T1204.002 Malicious File | User-triggered execution |
| Persistence | T1547.001 Registry Run Keys | Autostart persistence |
| Defense Evasion | T1027 Obfuscated Files | Payload obfuscation |
| C2 | T1071.001 Web Protocols | HTTP/HTTPS C2 |
Detection & Defense
- Endpoint detection: Deploy behavioral detection rules for Sysrv-Hello Miner indicators
- Network monitoring: Monitor for C2 traffic patterns and anomalous connections
- Threat intelligence: Track Sysrv-Hello Miner IOCs and campaign updates
- Security awareness: Train users to recognize phishing and social engineering
- Patch management: Keep systems updated to prevent exploitation
Defend Against Sysrv-Hello Miner
Mjolnir Security provides detection and response capabilities against Sysrv-Hello Miner and similar threats.
Threat DetectionIncident ResponseThreat HuntingMDR ServicesThreat Intelligence
- Proactive Threat Hunting Hunt for Sysrv-Hello Miner indicators and TTPs within your environment.
- Threat Intelligence Monitor Sysrv-Hello Miner campaigns and infrastructure changes.
- 24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security | Published: March 19, 2025
Stay ahead of emerging threats. Get notified when we publish new intelligence reports and advisories.
Subscribe to Alerts