Analysis, File names and Mining - Information Management Today

Analysis

File names

Mining

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide. Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. ”reads the analysis published by Microsoft.

File names

File names Encryption Mining Security

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . ” reads the analysis published by Avast. The final stage of the Crackonosh attack chain is the installation of the coinminer XMRig to mine the Monero (XMR) cryptocurrency.

Mining

Mining File names Security IT

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Trending Sources

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

APRIL 23, 2021

” reads the analysis published by Trend Micro. The botnet is currently involved in cryptocurrency mining activity, it delivers the XMRig Monero (XMR) miner onto the infected machines. “We also discovered that most of the proxy servers used have open services with multiple vulnerabilities. . for spreading.

Mining

Mining File names IT Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

Experts observed an ongoing coin miner campaign that injects a malicious VBScript into ZIP files posing as movie downloads. The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. ” reads the Tweet published by the Microsoft Security Intelligence team.

Mining

Mining File names Risk Cybersecurity

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Security Affairs

JANUARY 4, 2019

” reads the analysis published by F-Secure. The new version of NRSMiner updates existing infections by downloading new modules and removing files and services installed by old previous versions. . ” continues the analysis. One of the unzipped files named svchost.exe is the Eternalblue – 2.2.0

Mining

Mining File names Access IT

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Technical analysis. The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? Table 1: shade ransomware informations.

Ransomware

Ransomware Mining File names Encryption

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Security Affairs

JUNE 15, 2019

” reads the analysis published by Trend Micro. “A batch file first executes the WinEggDrop scanner (s.exe), which tries port 2375 on various hosts with Chinese IP address ranges specified in the ip.txt file.” launching DDoS attacker, mining cryptocurrency, etc.). .” ” states the report.

File names

File names Mining Access Communications

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

Now, Shellbot has re-appeared in the threat landscape in a recent campaign, targeting organizations worldwide with a new IRC server and new Monero pools, so we decided to deepen the analysis. Technical Analysis. This directory contains the crypto mining module named kswapd0. The initial script is the file named “ a ”.

Mining

Mining File names Honeypots IT

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

“This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.” “Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.! continues the analysis.

Mining

Mining File names Libraries IT

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. “Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters.

Search queries

Search queries Honeypots File names Mining

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

FEBRUARY 28, 2019

When an unknown sender suggests me to click on a super wired url , dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, well I kinda looking forward to it! So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. You might want to checkout more here.

Ransomware

Ransomware Mining File names Encryption

Nansh0u campaign already infected 50,000 MS-SQL and PHPMyAdmin Servers

Security Affairs

MAY 29, 2019

” continues the analysis. The payloads used in this campaign were droppers used to deliver a cryptocurrency miner to mine TurtleCoin cryptocurrency. Experts observed many payloads dropping a kernel-mode driver using ransom file names and placed them in AppData/Local/Temp.

File names

File names Mining Cybersecurity Security

Experts spotted P2P worm spreading Crypto-Miners in the wild

Security Affairs

JULY 23, 2019

Recently, our threat monitoring operations pointed us to an interesting file named “ Lucio Dalla Discografia Completa ”: this file pretends to be a collection of the discography of a famous I talian singer, but it actually hides malicious intents. . Technical Analysis. Code Snippet 1: Copy of the files in a subfolder.

Archiving

Archiving Mining File names Risk

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining

Mining File names Passwords Communications

Gab Has Been Breached

Troy Hunt

MARCH 3, 2021

For the most part I thought my analysis was pretty objective and Gab (whose account seems to simply be the mouthpiece of their CEO, Andrew Torba) hasn't really made it clear which bit they disagreed with, so let's solider on and objectively look at the data just like with any other data breach. Coincidence? Or real breach?

Passwords

Passwords Data breaches Mining Risk

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Webinars

Trending Sources

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Webinars

Crooks spread malware via pirated movies during COVID-19 outbreak

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

The Long Run of Shade Ransomware

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Multiple threat actors are targeting Elasticsearch Clusters

Ransomware, Trojan and Miner together against “PIK-Group”

Nansh0u campaign already infected 50,000 MS-SQL and PHPMyAdmin Servers

Experts spotted P2P worm spreading Crypto-Miners in the wild

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Gab Has Been Breached

Stay Connected