home.social

#xmrig — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #xmrig, aggregated by home.social.

  1. This is a destructive OPSEC failure.
    PoC code is trivial to find along with a simple Censys query to uncover vulnerable hosts. The code itself supports a TXT file of URLs, so... spray-and-pray method to find targets. Certain campaigns used #XMRig, GoThief, and backdoors like #Gh0stRAT and #PlugX.

    It should go without saying not to make your file servers open to the public, but some didn't get the memo.
    #HFS #CVE202423692 #ThreatIntel

    asec.ahnlab.com/en/67650/

  2. Happy Friday everyone!

    #Cryptominers and #CVE20173506 are featured in today's #readoftheday! Trend Micro takes us through a riveting tale where the protagonist, #WaterSigbin, abuses a vulnerability in Oracle WebLogic Servers. After exploitation, a Base64-encoded payload is run that drops the initial stage loader named "wireguard2-3.exe", which masquerades as a legitimate VPN technology to help with its defense evasion. It also plays a role in getting the attack to the next stages, which involve DLL-reflection, C2 communication, and finally the #XMRig cryptominer.

    Significant details that are included are a scheduled task created for Windows Defender exclusion, some discovery using WMI, and another scheduled task for persistence. As usual, I am not going to spoil it all; go and have a read for yourself! Enjoy and Happy Hunting!

    Notable MITRE ATT&CK TTPs (thanks to the authors):
    TA0001 - Initial Access
    T1190 - Exploit Public-Facing Application

    TA0002 - Execution
    T1059.001 - Command and Scripting Interpreter: PowerShell
    T1047 - Windows Management Instrumentation

    TA0005 - Defense Evasion
    T1620 - Reflective Code Loading
    T1036.005 - Masquerading: Match Legitimate Name or Location
    T1562.001 - Impair Defenses: Disable or Modify Tools

    TA0003 - Persistence
    T1053.005 - Scheduled Task/Job: Scheduled Task

    TA0011 - Command And Control
    T1571 - Non-Standard Port
    T1071 - Application Layer Protocol

    TA0007 - Discovery
    T1057 - Process Discovery
    T1012 - Query Registry

    Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer
    trendmicro.com/en_us/research/

    Intel 471 #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #gethunting
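One way to hunt for the scheduled-task-plus-Defender-exclusion pairing (T1562.001 alongside T1053.005) that the post mentions, as an added Python example that is not from the post or from the Trend Micro report: it parses constructed Windows event records (Defender event 5007 "configuration changed" and Security event 4698 "scheduled task created") and flags exclusion additions that land within a few minutes of a new scheduled task. The flattened record format and all sample values are assumptions made for the demo.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records: "<ISO timestamp> <event ID> <message>".
# 5007 = Defender configuration changed, 4698 = scheduled task created.
SAMPLE_EVENTS = [
    "2024-06-28T10:01:05 4698 TaskName=\\Microsoft\\Windows\\UpdateCheck Author=SYSTEM",
    "2024-06-28T10:01:07 5007 New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\ProgramData\\Win = 0x0",
    "2024-06-28T10:01:09 4698 TaskName=\\Microsoft\\Windows\\WireGuardUpdate Author=SYSTEM",
    "2024-06-28T14:30:00 5007 New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Scan\\ScheduleDay = 0x0",
    "2024-06-28T16:00:00 5007 New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Processes\\legit.exe = 0x0",
]

LINE_RE = re.compile(r"^(\S+) (\d+) (.*)$")
# Only the three exclusion lists matter here; other 5007 changes are benign noise.
EXCLUSION_RE = re.compile(r"\\Exclusions\\(Paths|Processes|Extensions)\\(.+?) = ")
TASK_RE = re.compile(r"TaskName=(\S+)")

def parse_event(line):
    """Split one record into (timestamp, event_id, message)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable record: {line!r}")
    return datetime.fromisoformat(m.group(1)), int(m.group(2)), m.group(3)

def exclusion_changes(events):
    """Return (time, list kind, excluded value) for every 5007 that edits an exclusion list."""
    out = []
    for ts, eid, msg in events:
        m = EXCLUSION_RE.search(msg)
        if eid == 5007 and m:
            out.append((ts, m.group(1), m.group(2)))
    return out

def correlate(lines, window_seconds=300):
    """Pair each exclusion change with scheduled tasks created within the window.

    An exclusion that appears with no task creation nearby (the 16:00 record)
    is dropped, so the output is only the suspicious co-occurrence.
    """
    events = [parse_event(line) for line in lines]
    tasks = [(ts, TASK_RE.search(msg).group(1))
             for ts, eid, msg in events if eid == 4698 and TASK_RE.search(msg)]
    window = timedelta(seconds=window_seconds)
    alerts = []
    for ts, kind, value in exclusion_changes(events):
        nearby = [name for t_ts, name in tasks if abs(t_ts - ts) <= window]
        if nearby:
            alerts.append({"time": ts.isoformat(), "exclusion": f"{kind}:{value}", "tasks": nearby})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

On real data the same two event IDs can be pulled from the Microsoft-Windows-Windows Defender/Operational and Security logs, and the window tuned to how quickly the observed tasks fired.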