Skeptoid #258: Spontaneous Human Combustion by Brian Dunning #shc #pyrotron #spontaneoushumancombustion #paranormal #SkeptoidPodcast #podcast #bot People can catch on fire… and there doesn't seem to be anything too mysterious about any given case.
https://skeptoid.com/episodes/4258
From a #ThreatIntelligence perspective, the #TTPs would be:
- #T1059.003: Command and Scripting Interpreter: Unix Shell. To be run, SHC payloads still need a shell to be identified in the system, and the code inside the payload is, in fact, a shell script.
- #T1027.002: Obfuscated Files or Information: Software Packed with #SHC.
- #T1622: Debugger Evasion by using SHC with '-r'.
- #T1105: Ingress Tool Transfer by downloading payloads from GitHub.
- #T1496: Resource Hijacking with #XMRig.
In this regard, I've been working with #SHC this evening to understand how it works and I've discovered that it is pretty easy to use it to ship complex scripts into a single executable file.
The result is Bobominer (https://github.com/febrezo/bobominer), a stupidly simple PoC of how I've used #SHC to create a binary that downloads #XMRig from GitHub and configures it to start mining.
I didn't expect that it was so easy to package things this way. #ThreatIntelligence #T1496.
Attention #Linux users! There is a new #malware that has been created using the Shell Script Compiler (#shc) and it is deploying a #cryptocurrency miner on infected systems.
https://thehackernews.com/2023/01/new-shc-based-linux-malware-targeting.html