TTPwire Vol. 1 · MITRE ATT&CK Tagged


F5 Labs

rTorrent Client Exploited In The Wild To Deploy Monero Crypto-Miner

2018-02-28

ATT&CK techniques detected

8 predictions (technique, confidence, supporting excerpt from the article)

T1059.004 Unix Shell (97%)
“and a list of hashes of the download list files. Figure 2: rTorrent response example. Once the result is positive, the attacker initiates the exploitation by sending another POST request that calls the “execute” method, which allows the attacker to run arbitrary shell commands…”

T1190 Exploit Public-Facing Application (84%)
“rTorrent Client Exploited in the Wild to Deploy Monero Crypto-Miner. F5 threat researchers detected attackers actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability and deploying a Monero (XMR) crypto-miner operation. - The rT…”

T1190 Exploit Public-Facing Application (83%)
“…mandy2 reported several vulnerabilities in one of the most popular BitTorrent clients, uTorrent. The vulnerabilities were related to the handling of JSON-RPC calls wherein a victim visiting an attacker’s website could be served a malicious JavaScript that would implement a…”

T1105 Ingress Tool Transfer (70%)
“sleeps for random periods (likely an evasion technique), and then downloads the mining malware with the correct OS architecture (x64 or x32). Figure 8: Downloading the miner malware. Interestingly, the file is served from a Tor network using the Tor2web “gateway” service to…”

T1190 Exploit Public-Facing Application (45%)
“their operations. In this example, we are seeing crypto-criminals moving into an interesting attack vector target: misconfigured BitTorrent clients. As a protection, rTorrent users are advised to make sure that their clients are not accepting connections from the outside world…”

T1496 Resource Hijacking (44%)
“rTorrent Client Exploited in the Wild to Deploy Monero Crypto-Miner. F5 threat researchers detected attackers actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability and deploying a Monero (XMR) crypto-miner operation. - The rT…”

T1496.001 Compute Hijacking (43%)
“rTorrent Client Exploited in the Wild to Deploy Monero Crypto-Miner. F5 threat researchers detected attackers actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability and deploying a Monero (XMR) crypto-miner operation. - The rT…”

T1071.001 Web Protocols (37%)
“includes a default HTTP library name (for example, “python-requests/2.18.4”). In this case, the User-Agent doubles as a deception technique to trick researchers or scanners that access the server with their internet browser or tool and get a “403 Forbidden” response…”

Summary

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.