TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

New Python-Based Crypto-Miner Botnet Flying Under the Radar

2018-01-03

ATT&CK techniques detected

7 predictions

T1046 Network Service Discovery (68%)
“to probe the target for potential exploitability to CVE-2017-12149, which was disclosed just a couple of months ago. It will send a request to the “/invoker/readonly” URL via seven different TCP ports commonly used by JBoss. If the server responds with an error (500 sta…”

T1496 Resource Hijacking (48%)
“New Python-Based Crypto-Miner Botnet Flying Under the Radar. F5 threat researchers have discovered a new Linux crypto-miner botnet that is spreading over the SSH protocol. The botnet, which we’ve named PyCryptoMiner: - is based on the Python scripting language making it h…”

T1059.006 Python (40%)
“is fetched and executed from the C&C server, which is the main controller (later referred to as the “bot” or “client”) of the infected machine. Figure 7: Spearhead Python script. The controller script creates a persistency on the infecte…”

T1102 Web Service (39%)
“C server, so when it is taken down, the attacker has no way to tell the botnet to switch to another C&C server. Here, the attacker is using pastebin.com to publish an alternate C&C server address if the original one is unreachable. Figure 2: Alternative C&C server address…”

T1595.002 Vulnerability Scanning (38%)
“to probe the target for potential exploitability to CVE-2017-12149, which was disclosed just a couple of months ago. It will send a request to the “/invoker/readonly” URL via seven different TCP ports commonly used by JBoss. If the server responds with an error (500 sta…”

T1496.001 Compute Hijacking (38%)
“New Python-Based Crypto-Miner Botnet Flying Under the Radar. F5 threat researchers have discovered a new Linux crypto-miner botnet that is spreading over the SSH protocol. The botnet, which we’ve named PyCryptoMiner: - is based on the Python scripting language making it h…”

T1190 Exploit Public-Facing Application (33%)
“New Python-Based Crypto-Miner Botnet Flying Under the Radar. F5 threat researchers have discovered a new Linux crypto-miner botnet that is spreading over the SSH protocol. The botnet, which we’ve named PyCryptoMiner: - is based on the Python scripting language making it h…”

Summary

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.