Tor2Mine is up to their old tricks and adds a few new ones
released on 2020-06-11 @ 09:10:42 PM
Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, including AZORult, an information-stealing malware; the remote access tool Remcos; the DarkVNC backdoor trojan; and a clipboard cryptocurrency stealer.
The actors are also using a new IP address and two new domains to carry out their operations.
The addition of new tactics, techniques, and procedures (TTPs) suggests Tor2Mine is seeking ways to diversify its revenue in a volatile cryptocurrency market.