@kubikpixel Reminds me of some #malware that protects itself from detection and removal through non-persistence.
#xmrig without sudo and at the lowest priority has an extremely poor #hashrate, but in the long run it pays off for those cybercriminals to 'steal' less computing power unnoticed than to be detected and thrown off the systems within a few hours or days...
New malware exploits Microsoft Exchange vulnerabilities for cryptocurrency mining
The new #malware, dubbed "#ProxyShellMiner", exploits the #Microsoft Exchange #ProxyShell #vulnerabilities to deploy #cryptocurrency miners and turn a profit for the attackers.
The attackers then drop the .NET #malware payload into the #NETLOGON folder of the domain controller to ensure that every device on the #network can run the #malware. Activating it requires a command-line parameter, which doubles as the password for the #XMRig #Miner component.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
📬 Download Final Cut Pro for free? But without malware, please!
#Malware #AdobePhotoshop #FinalCutPro #Kryptomining #LogicPro #Mac #macOS #Monero #ThePirateBay #torrent #XMRig #XProtect https://tarnkappe.info/artikel/malware/final-cut-pro-kostenlos-runterladen-aber-bitte-ohne-malware-265921.html
From a #ThreatIntelligence perspective, the #TTPs would be:
- #T1059.003: Command and Scripting Interpreter: Unix Shell. SHC payloads still need a shell to be present on the system in order to run, and the code inside the payload is, in fact, a shell script.
- #T1027.002: Obfuscated Files or Information: Software Packed with #SHC.
- #T1622: Debugger Evasion by using SHC with '-r'.
- #T1105: Ingress Tool Transfer by downloading payloads from GitHub.
- #T1496: Resource Hijacking with #XMRig.
In this regard, I've been working with #SHC this evening to understand how it works and I've discovered that it is pretty easy to use it to ship complex scripts onto a single executable file.
The result is Bobominer (https://github.com/febrezo/bobominer), a stupidly simple PoC of how I've used #SHC to create a binary that downloads #XMRig from GitHub, configures it, and starts mining.
I didn't expect it to be so easy to package things this way. #ThreatIntelligence #T1496.
"All You Need to Know About Emotet in 2022"
#Emotet #malware > #XMRig #CobaltStrike #IcedID #exploitkit #trojan
#cybersecurity #infosec #TTP #IoC
https://thehackernews.com/2022/11/all-you-need-to-know-about-emotet-in.html
Yesterday CISA and the FBI published a joint advisory on an Iranian #APT compromising FCEB (Federal Civilian Executive Branch) systems. The threat actors exploited #Log4Shell in an unpatched VMware Horizon server, installed #XMRig crypto mining software, moved laterally to the DC, compromised credentials with #Mimikatz, and then backdoored with #Ngrok on several hosts to maintain persistence.
My question is, why the hell they would go out of their way to install XMRig as part of this attack? Was it,
From what I know, "for the Lulz" really isn't part of the APT playbook, and the only APT with a financial motive that I'm aware of is North Korea, where cybercrime is literally part of their GNI (Gross National Income). My guess is to obfuscate, but I'd love to hear other people's thoughts on this.
#apt #Log4Shell #xmrig #mimikatz #ngrok #cti #dfir
#CISA released an Alert today regarding Iranian Government-Sponsored APT actors
+ exploiting #Log4Shell
+ dropping #XMRig crypto miner
+ leveraging #Ngrok for persistence
#threatintel #infosec
📬 Mining a single XMR coin costs hacking victims 11,000 US dollars
#Hacking #Kryptowährungen #Malware #CloudServer #Kryptomining #Monero #Sysdig #TeamTNT #XMR #XMRig https://tarnkappe.info/artikel/hacking/mining-eines-xmr-coins-kostet-hacking-opfer-11-000-us-dollar-256942.html
📬 Shikitega malware distributes Monero miner to Linux devices
#Malware #IoTGeräte #KryptoMining #LinuxMalware #LinuxServer #Mettle #MoneroMining #XMRig https://tarnkappe.info/artikel/malware/shikitega-malware-verteilt-monero-miner-auf-linux-geraete-255362.html
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer - By Edmund Brumaghin and Vanja Svajcer, with contributions from Michael Chen.
Cisco Talos... http://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html #threatspotlight #cryptomining #zingostealer #haskersgang #malware #redline #securex #xmrig
At 500 h/s it's pretty slow on the #work machine; under #WSL the #MSR module isn't available, which, besides the #CPU (Intel Core i5 7400 3.00GHz), is probably the #bottleneck. The #antivirus #flagged it, but I was able to remove the entries from the #logfile. Not that anyone would #check.
#Arbeitsrechner #wsl #msr #cpu #Flaschenhals #virenscanner #angeschlagen #Logfile #kontrollieren #monero #xmrig
📬MosaicLoader: new malware family disguises itself as cracked software📬 https://tarnkappe.info/mosaicloader-neue-malwarefamilie-tarnt-sich-als-gerackte-software/ #MosaicLoader #Bitdefender #Obfuscation #Presenoker #Glupteba #Malware #XMRig
Misconfigured Docker Servers Under Attack by Xanthe Malware - The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs. https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/ #cloudsecurity #misconfigured #cryptomining #websecurity #ciscotalos #dockerapi #malware #botnet #docker #monero #xanthe #xmrig #ssh
Sharp Spike in Ransomware in U.S. as Pandemic Inspires Attackers - COVID-19 has changed the face of cybercrime, as the latest malware statistics show. more: https://threatpost.com/sharp-spike-ransomware-pandemic-inspires-attackers/157689/ #mostrecentthreatlists #2020cyberthreatreport #encryptedthreats #internetofthings #cloudsecurity #cryptography #cryptomining #websecurity #cybercrime #ransomware #statistics #increases #sonicwall #covid-19 #pandemic #malware #xmrig #iot
Golang Worm Widens Scope to Windows, Adds Payload Capacity - A first-stage malware loader spotted in active campaigns has added additional exploits and a new b... more: https://threatpost.com/worm-golang-malware-windows-payloads/156924/ #securityvulnerabilities #vulnerabilities #drupalgeddon2.0 #cryptomining #websecurity #cryptominer #barracuda #backdoor #exploits #malware #windows #golang #oracle #linux #xmrig #worm
Kubernetes Falls to Cryptomining via Machine-Learning Framework - Misconfigured dashboards are at the heart of a widespread XMRIG Monero-mining campaign. more: https://threatpost.com/kubernetes-cryptomining-machine-learning-framework/156481/ #maliciouscontainer #misconfiguration #machinelearning #cryptomining #websecurity #containers #kubernetes #microsoft #kubeflow #malware #monero #azure #xmrig
Blue Mockingbird Monero-Mining Campaign Exploits Web Apps - The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote co... more: https://threatpost.com/blue-mockingbird-monero-mining/155581/ #deserializationvulnerability #remotecodeexecution #projecttelerikui #vulnerabilities #bluemockingbird #cve-2019-18935 #cryptography #cryptomining #websecurity #redcanary #asp.net #exploit #monero #xmrig
Poorly Secured Docker Image Comes Under Rapid Attack - A honeypot experiment shows just how quickly cybercriminals will move to compromise vulnerable clo... more: https://threatpost.com/poorly-secured-docker-image-rapid-attack/154874/ #workfromhomescam #botnetinfection #larrycashdollar #cloudsecurity #poorlysecured #twitchproxies #cryptomining #dockerimage #emailrelay #experiment #honeypot #attacks #akamai #docker #mirai #xmrig