{"id":44746,"date":"2022-01-10T16:15:28","date_gmt":"2022-01-10T16:15:28","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32977\/Abcbot-Botnet-Is-Linked-To-Xanthe-Cryptojacking-Group.html"},"modified":"2022-01-10T16:15:28","modified_gmt":"2022-01-10T16:15:28","slug":"abcbot-botnet-is-linked-to-xanthe-cryptojacking-group","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/","title":{"rendered":"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\/2016\/10\/04\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>Researchers have forged a &#8220;clear&#8221; link between the Abcbot botnet and a well-established cryptojacking cybercriminal group.<\/p>\n<p>First discovered In July 2021 by <a href=\"https:\/\/blog.netlab.360.com\/abcbot_an_evolving_botnet_en\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Netlab 360<\/a>, the Abcbot botnet began as a simple scanner that used basic credential stuffing attacks and known vulnerability exploits to compromise vulnerable Linux systems.&nbsp;<\/p>\n<p>However, the developers quickly updated their creation to include self-update mechanisms, exploit kits, worm functionality, and a total of nine distributed denial-of-service (DDoS) attack functions. <\/p>\n<p>These findings were a starting point for <a href=\"https:\/\/www.cadosecurity.com\/the-continued-evolution-of-abcbot\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Cado Security<\/a>, which published a further analysis of the botnet in December. By this stage, Abcbot botnet was also able to detect and kill Docker image-based cryptocurrency miners and malware already present on a target server, as well as disable cloud monitors including Aliyun Alibaba Cloud Assistant and Tencent monitoring components. <\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/zh_hk\/research\/21\/j\/actors-target-huawei-cloud-using-upgraded-linux-malware-.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Trend Micro<\/a> said that once a deep clean of compromised servers has taken place, new, malicious user profiles are added with high levels of privilege, and failsafes were deployed to stop them from being modified or removed.&nbsp; <\/p>\n<p>While past examples of the botnet&#8217;s activity revealed a clean-up before it deployed its own cryptocurrency mining malware, on Monday, a new analysis published by Cado Security suggests the malware may be shifting back to more traditional routes: namely, a return to DDoS attacks as a focus.&nbsp; <\/p>\n<p>According to the cybersecurity researchers, there is now an established link between the botnet and Xanthe, a cryptojacking campaign documented by <a href=\"https:\/\/blog.talosintelligence.com\/2020\/12\/xanthe-docker-aware-miner.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Cisco Talos<\/a> in December 2020. <\/p>\n<section class=\"sharethrough-top placeholder\"> <\/section>\n<p>Talos uncovered Xanthe after the group targeted a Docker-based honeypot with a Monero cryptocurrency miner, XMRig. At the time, Xanthe focused on hijacking computational resources of vulnerable servers to generate cryptocurrency and used bash scripts to eradicate competitor malware, as well as to maintain persistence.&nbsp; <\/p>\n<p>After comparing the Abcbot botnet and Xanthe samples, <a href=\"https:\/\/www.cadosecurity.com\/abcbot-an-evolution-of-xanthe\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Cado Security found<\/a> code and feature similarities.&nbsp; <\/p>\n<p>A VirusTotal graph based on known Indicators of Compromise (IoCs), stylistic choices, and unique strings then revealed four hosts that overlapped in infrastructure and delivered both Abcbot botnet and Xanthe malware campaigns.&nbsp; <\/p>\n<p>However, the samples also revealed recent changes in functionality, including commented-out mining components, that suggest mining may &#8220;no longer [be] an objective&#8221; of Abcbot. <\/p>\n<p>&#8220;Based on this analysis, we believe that the same threat actor is responsible for both Xanthe and Abcbot and is shifting its objective from mining cryptocurrency on compromised hosts to activities more traditionally associated with botnets, such as DDoS attacks,&#8221; the researchers said. &#8220;We suspect this won&#8217;t be the last malware campaign we analyze from this actor.&#8221;<\/p>\n<h3> Previous and related coverage <\/h3>\n<hr>\n<p><strong>Have a tip?<\/strong> Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 <\/p>\n<hr>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32977\/Abcbot-Botnet-Is-Linked-To-Xanthe-Cryptojacking-Group.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9814],"class_list":["post-44746","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-blogs","tag-headlinehackermalwarecybercrimebotnetcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Abcbot Botnet Is Linked To Xanthe Cryptojacking Group 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-10T16:15:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\/2016\/10\/04\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group\",\"datePublished\":\"2022-01-10T16:15:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/\"},\"wordCount\":449,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\\\/2016\\\/10\\\/04\\\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\\\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"keywords\":[\"headline,hacker,malware,cybercrime,botnet,cryptography\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/\",\"name\":\"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\\\/2016\\\/10\\\/04\\\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\\\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2022-01-10T16:15:28+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\\\/2016\\\/10\\\/04\\\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\\\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\\\/2016\\\/10\\\/04\\\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\\\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,cybercrime,botnet,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwarecybercrimebotnetcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/","og_locale":"en_US","og_type":"article","og_title":"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-10T16:15:28+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\/2016\/10\/04\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group","datePublished":"2022-01-10T16:15:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/"},"wordCount":449,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\/2016\/10\/04\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","keywords":["headline,hacker,malware,cybercrime,botnet,cryptography"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/","url":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/","name":"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\/2016\/10\/04\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2022-01-10T16:15:28+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\/2016\/10\/04\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/ec6509023d76acaef0248cc12a9f1478a2c2e1ba\/2016\/10\/04\/dcbb73c7-fbb8-4544-a39f-248fe29e908b\/global-network-istock.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/abcbot-botnet-is-linked-to-xanthe-cryptojacking-group\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,cybercrime,botnet,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwarecybercrimebotnetcryptography\/"},{"@type":"ListItem","position":3,"name":"Abcbot Botnet Is Linked To Xanthe Cryptojacking Group"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44746"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44746\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}