Security Affairs

MARCH 17, 2022

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. ” reads the analysis published by the experts. ” continues the analysis. Follow me on Twitter: @securityaffairs and Facebook.

Honeypots 129

Honeypots File names Communications Encryption 129

Security Affairs

JANUARY 16, 2023

One of the 360Netlab’s honeypot caught a suspicious ELF file on October 2021, the experts reported that the malware was spread by exploiting F5 zero-day exploit. Additional analysis revealed that the malware borrows code from the Hive project that was leaked in 2017 as part of Vault 8 series. . Pierluigi Paganini.

Honeypots 94

Honeypots Communications Encryption Authentication 94

Security Affairs

FEBRUARY 21, 2024

One of the honeypots used by Cado was targeted by an attack originating from the IP 103[.]79[.]118[.]221 Researchers believe that the Migo developers possess knowledge of the malware analysis process, implementing extra measures to obscure symbols and strings within the pclntab structure, thereby complicating reverse engineering.

Mining 105

Mining Honeypots Cloud Ransomware 105

Security Affairs

DECEMBER 12, 2021

Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The analysis of the ELF sample revealed that it supports DDoS and backdoor commands. ” reads the post published by NetLab 360.

Honeypots 137

Honeypots Libraries Authentication Passwords 137

Security Affairs

NOVEMBER 7, 2020

Renato Marinho, a security researcher at Morphus Labs and SANS ISC handler reported that the WebLogic honeypots he set up were targeted by a large number of scans for CVE-2020–14882. “Starting late last week, we observed a large number of scans against our WebLogic honeypots to detect if they are vulnerable to CVE-2020–14882.”

Ransomware 89

Ransomware Honeypots Mining Security 89

Security Affairs

DECEMBER 13, 2021

A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. ” reads the analysis published by Microsoft. The attempts were carried out by Muhstik and Mirai botnets in attacks aimed at Linux devices.

Mining 118

Mining Honeypots Libraries IT 118

Security Affairs

SEPTEMBER 19, 2022

In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. ” reads the analysis published by AquaSec. be on IP 93[.]95[.]229[.]203).”

Encryption 95

Encryption Honeypots Mining Communications 95

Security Affairs

DECEMBER 25, 2018

Experts at Bad Packets observed a scan targeting their honeypot, further investigation allowed them to discover that they were leaking the local network access details. “On Friday, December 21, 2018, our honeypots observed an interesting scan consisting of a GET request for /get_getnetworkconf.cgi. ” continues the analysis.

Honeypots 85

Honeypots Passwords Access Security 85

Security Affairs

NOVEMBER 21, 2019

In October one of the honeypots of the company captured the bot, its downloader , and some bot modules. “Fast forwarded to October 11, 2019, our Anglerfish honeypot captured another suspicious ELF sample, and it turned out to be the Downloader of the previous suspicious ELF sample.” ” reads the analysis.

Honeypots 80

Honeypots Systems administration Passwords IoT 80

Security Affairs

OCTOBER 2, 2020

Once a connection is established, the malware will check the presence of a honeypot by comparing the hostname of the attacked server to the string “svr04”, which is the default hostname of Cowrie SSH honeypot. ” continues the analysis. ” reads the Intezer’s report. ” concludes Intezer.

Honeypots 132

Honeypots Passwords Communications Security 132

Security Affairs

NOVEMBER 8, 2019

The popular expert Kevin Beaumont observed some of its EternalPot RDP honeypots crashing after being attacked. huh, the EternalPot RDP honeypots have all started BSOD'ing recently. They only expose port 3389. pic.twitter.com/VdiKoqAwkr — Kevin Beaumont (@GossiTheDog) November 2, 2019.

Honeypots 67

Honeypots Mining Analytics Ransomware 67

Security Affairs

DECEMBER 1, 2022

Among the data they receive, they now know which server’s version is vulnerable to CVE-2022-0543 (As we explained earlier, the honeypot was built with this vulnerability on purpose). ” reads the analysis published by AquaSec. Threat actors simulate Redis communication over port 6379 to evade detection.

Libraries 142

Libraries Honeypots Communications Cybersecurity 142

Security Affairs

JANUARY 10, 2022

. “Our continued analysis on this malware family reveals a clear link with the Xanthe-based cryptojacking campaign discovered by Cisco’s Talos security research team in late 2020. Researchers at Talos discovered malware resembling a cryptocurrency mining bot when they were alerted to an intrusion on one of their Docker honeypots.”

Mining 87

Mining Honeypots Cloud Security 87

Security Affairs

MAY 8, 2019

Marinho noticed some attacks hit one of his honeypots attempting to exploit this Jenkins vulnerability to deliver the Kerberods cryptominer. ” reads the analysis published by Marinho. . “After analyzing the threat which attacked one of my honeypots, I created the diagram shown in the picture below. .

Honeypots 86

Honeypots Libraries IT Access 86

Security Affairs

AUGUST 8, 2021

” reads the analysis. “When ZDI release the advisories about these bug, I decided to analysis this chain for learning purpose. Firstly, I just want to tell that I respect your hard work and the contribution of you to cybersecurity which inspired me many years ago.

Honeypots 116

Honeypots Cybersecurity Access Security 116

Security Affairs

JANUARY 21, 2020

In a few days back, the MalwareMustDie team’s security researcher unixfreaxjp has published a new Linux malware analysis of Fbot that has focused on the decryption of the last encryption logic used by its bot client. What had happened now is the re-emerged of the SATORI Mirai variant basis with the payload called Fbot. [.

IoT 130

IoT Honeypots Encryption IT 130

Security Affairs

NOVEMBER 21, 2018

Netscout observed tens of thousands of exploit attempts daily targeting it honeypots, in November attackers attempted to deliver some 225 unique malicious payloads exploiting the Hadoop YARN vulnerability. ” reads the analysis published by the experts.

Honeypots 87

Honeypots IoT Passwords Security 87

Security Affairs

DECEMBER 1, 2020

” states the analysis published by Juniper Threat Labs experts. DarkIRC authors used a crypter to avoid detection, it includes anti-analysis and anti-sandbox features. . “Juniper Threat Labs is seeing active attacks on Oracle WebLogic software using CVE-2020-14882. c25e6559668942[.]xyz.

Honeypots 97

Honeypots Ransomware Security IT 97

Security Affairs

JULY 22, 2023

Internet-wide sweeps seen by over 700 of our IKEv2 aware honeypot sensors, since May 26th. Analysis conducted by FortiGuard Labs has identified a significant increase in attack bursts starting from May.” Zyxel firewalls CVE-2023-28771 (pre-auth remote command OS injection) is being actively exploited to build a Mirai-like botnet.

Honeypots 97

Honeypots IoT Risk IT 97

Security Affairs

FEBRUARY 27, 2019

. “Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters. ” reads the analysis published by Talos. ” reads the analysis published by Talos.

Search queries 84

Search queries Honeypots File names Mining 84

eSecurity Planet

APRIL 14, 2023

Bot protection can be implemented through a variety of methods, including CAPTCHA tests, IP rate limiting, behavioral analysis, and machine learning algorithms. The company offers real-time detection and mitigation of bots using behavioral analysis and machine learning algorithms.

Analytics 92

Analytics Cloud Honeypots e-Delivery 92

Security Affairs

NOVEMBER 5, 2018

” reads the analysis published by TrendMicro. The analysis of command and control (C&C) traffic allowed the security researchers finding the IRC channels’ information and discovered that at the first infection 142 hosts were present in the IRC channel.

IoT 93

IoT Honeypots Communications Security 93

Security Affairs

SEPTEMBER 22, 2018

In my previous post I discussed the initial prototyping of a Docker Honeypot / Sandbox called Whaler. The campaign has gone largely unnoticed until a recent blog published by 360totalsecurity which prompted me to finally write-up the analysis. Whaler – attack types and analysis. Pcap analysis of Ngrok attack.

Mining 91

Mining Honeypots Security Cloud 91

Security Affairs

NOVEMBER 11, 2019

The Cyber Incident Management Arrangements (CIMA) will remain active despite the alert has been downgraded to Level 4 – ‘Lean Forward,’ (CIMA Level 4 requests a precautionary approach through increasing monitoring, analysis, and strategic coordination and engagement at the national level). They only expose port 3389.

Honeypots 61

Honeypots Mining Security Ransomware 61

Security Affairs

OCTOBER 23, 2018

” reads the analysis from Sophos Labs. These types of simple attacks on our honeypots are quite common, but what made this stand out was the libsdes sample.” ” continues the analysis. Further details, including IoCs are reported in the analysis published by Sophos.

IoT 80

IoT Honeypots Encryption Passwords 80

Security Affairs

DECEMBER 23, 2018

The attacker does not need to attempt a failed login anymore, or encounter a generic honeypot which doesn’t have this flag. Oct 1, 18: Huawei completes analysis and mentions it is consulting with their customers on how to resolve it. . “How Easy CVE-2018-7900 Makes It Easy to Hack These Devices” continues the expert.

IoT 89

IoT Honeypots Passwords Communications 89

Security Affairs

JANUARY 19, 2020

In my Citrix ADC honeypot, CVE-2019-19781 is being probed with attackers reading sensitive credential config files remotely using./ This lets the actor regain access to the vulnerable device at a later time,” continues the analysis. . directory traversal (a variant of this issue).

Honeypots 88

Honeypots Access Security Risk 88

Security Affairs

JUNE 1, 2019

” reads the analysis published by Trend Micro. The analysis of the logs and traffic data coming to and from the honeypot , revealed that the attackers used a container from a public Docker Hub repository named zoolu2. It then uses Docker commands (POST /containers/create) to remotely create the malicious container.

Mining 91

Mining Honeypots Cloud Passwords 91

Security Affairs

APRIL 6, 2019

“Over the last three months, our honeypots have detected DNS hijacking attacks targeting various types of consumer routers.” Further technical details, including IoCs, are reported in the analysis published by Bad Packets: [link]. ” reads the report published by Bad Packets.

Honeypots 109

Honeypots Cloud Security Access 109

eSecurity Planet

SEPTEMBER 24, 2021

The list of tools and features included with InsightIDR include: User and entity behavior analytics (UEBA) Endpoint detection and response (EDR) Network traffic analysis (NDR) Centralized log management Automated policy capabilities Visual investigation timeline Deception technology File integrity monitoring (FIM).

Analytics 107

Analytics Cloud Cybersecurity Honeypots 107

Security Affairs

JUNE 22, 2019

” reads the analysis published by Trend Micro. The malicious code attempt to determine if it is running in a honeypot , then it downloads the payload and changes its permission settings to allow its execution. ” continues the analysis. The script for a. By adding the additional record “0.0.0.0

Mining 65

Mining Honeypots Authentication Communications 65

Security Affairs

MAY 14, 2019

So, I came up with this blog post and this GitHub repository where I proposed a new testing-set based on a modified version of Malware Instruction Set for Behavior-Based Analysis , also referred as MIST. The original post along many other interesting analysis are available on the Marco Ramilli blog: [link].

Artificial Intelligence 67

Artificial Intelligence Computer and Electronics Honeypots Cybersecurity 67

The Security Ledger

AUGUST 20, 2018

Dave recently completed an analysis of Twitter bot data. When the firm Cyberreason set up a honeypot network designed to look just like a functioning industrial control system environment, they were expecting to attract a few flies. survivalist groups. ” Check out our full conversation in this week’s podcast.

Honeypots 40

Honeypots Military Analytics Sales 40

Security Affairs

APRIL 28, 2020

Now, Shellbot has re-appeared in the threat landscape in a recent campaign, targeting organizations worldwide with a new IRC server and new Monero pools, so we decided to deepen the analysis. Technical Analysis. Technical details, including IoCs and Yara Rules, are available in the analysis published in the Yoroi blog.

Mining 100

Mining File names Honeypots IT 100

Security Affairs

MAY 25, 2019

The experts discovered the attacks because they hit one of the company’s honeypots that emulates MySQL listening on the default TCP port 3306. The analysis of the DLL revealed it is used to add the xpdl3, xpdl3_deinit , and xpdl3_init functions to the database. ” reads the analysis published by Sophos.

Ransomware 95

Ransomware Honeypots Security Cybersecurity 95

Security Affairs

MAY 26, 2023

The researchers first gathered a Dark Frost binary sample on February 28, 2023, that targeted one of its HTTP honeypots. The analysis of the bot revealed that the malware supports eight total attacks, including UDP and TCP, and more curious ones, such as zgoflood. ” reads the analysis published by Akamai. .

Honeypots 93

Honeypots Cybersecurity Security IT 93

Threatpost

NOVEMBER 24, 2020

Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.

Security 128

Security Honeypots Access Ransomware 128