“class b. then it targets banks and starts port scanning to see if ports 80, 20, 8090, and 6397 are open. next, a malicious request is sent, instructing vulnerable servers to download a specific payload from pastebin.com. web applications exploits as mentioned in the previous sec…”
T1496.001 Compute Hijacking
76%
“13. 1 is used to mine monero cryptocurrency the malware is mining xmr using the cryptonight algorithm and submits hashes to several public pools. at the time of this writing, this operation had earned the attacker less than $2,000 usd. however, this information is based only on…”
T1190 Exploit Public-Facing Application
57%
“new golang malware is spreading via multiple exploits to mine monero - f5 researchers uncovered a cryptominer campaign delivering new golang malware that targets linux-based servers. - golang malware is not often seen in the threat landscape; it was first seen to mid-2018 an…”
T1053.003 Cron
57%
“. assembly code from the binary showing the malware attempts to connect to the redis database. if this is unsuccessful, the malware tries to enumerate seven common passwords (for redis databases, usernames are not needed). the passwords are: - admin - redis - root - 123456 - p…”
T1059.004 Unix Shell
56%
“bash script once the malware has obtained a foothold on a target system using any of these techniques, the vulnerable server is directed to execute a command to make a request to pastebin.com, download data, and decode it using base64 encoding scheme and execute it. the download…”
T1053.003 Cron
51%
“##zip files into the same hidden /tmp/.mysqli directory. this is notable for a few reasons. first, the hidden folder makes it less likely a user will see it, and the files it downloads have misleading names like the popular “mysql” database. second, this is somewhat unconven…”
T1190 Exploit Public-Facing Application
41%
“it attempts make it unique from the start, while unsophisticated, the author is attempting the quantity over quality model, searching for one way into a system. unique threat campaigns and malware are just some of the threat vectors that f5 labs continually monitors. check back o…”
T1059.004 Unix Shell
35%
“. assembly code from the binary showing the malware attempts to connect to the redis database. if this is unsuccessful, the malware tries to enumerate seven common passwords (for redis databases, usernames are not needed). the passwords are: - admin - redis - root - 123456 - p…”
Summary
A newcomer to the malware scene, Golang-based malware has been seen installing cryptominers specifically targeting the Monero cryptocurrency.