Security Affairs

JUNE 15, 2019

. “A batch file first executes the WinEggDrop scanner (s.exe), which tries port 2375 on various hosts with Chinese IP address ranges specified in the ip.txt file.” “The output of this command is saved into a file named ips.txt, which is then fed into the Docker.exe file. Pierluigi Paganini.

File names 103

File names Mining Access Communications 103

Security Affairs

APRIL 28, 2020

This directory contains the crypto mining module named kswapd0. In this folder, the first one to be executed is the file “a”. The script looks like the following: Figure 5: Content of the “a” file. The executed crypto miner is the file named “” kswapd0 ” based on the famous XMRIG monero crypto miner.

Mining 105

Mining File names Honeypots IT 105

Security Affairs

JUNE 5, 2019

Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. “This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.”

Mining 64

Mining File names Libraries IT 64

Security Affairs

FEBRUARY 28, 2019

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware , Trojan, and Miner capabilities. So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. According to zcashnetwork the attacker’s wallet received from mining activity 4.89

Ransomware 80

Ransomware Mining File names Encryption 80

Security Affairs

MAY 29, 2019

Security experts at Guardicore Labs uncovered a widespread cryptojacking campaign leveraging a malware dubbed Nansh0u. The payloads used in this campaign were droppers used to deliver a cryptocurrency miner to mine TurtleCoin cryptocurrency. The malicious code aimed at Windows MS-SQL and PHPMyAdmin servers worldwide.

File names 81

File names Mining Cybersecurity Security 81

Security Affairs

FEBRUARY 27, 2019

Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners. Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. Pierluigi Paganini.

Search queries 91

Search queries Honeypots File names Mining 91

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining 99

Mining File names Passwords Communications 99

Security Affairs

JULY 23, 2019

Recently, our threat monitoring operations pointed us to an interesting file named “ Lucio Dalla Discografia Completa ”: this file pretends to be a collection of the discography of a famous I talian singer, but it actually hides malicious intents. . Code Snippet 1: Copy of the files in a subfolder. tmp” and “64.tmp”,

Archiving 76

Archiving Mining File names Risk 76

Troy Hunt

JANUARY 16, 2019

If @1Password was to integrate with my newly released Pwned Passwords k-Anonymity model so you could securely check your exposure against the service (it'd have to be opt in, of course). My hope is that for many, this will be the prompt they need to make an important change to their online security posture. Oh wow - look at this!

Data breaches 112

Data breaches Passwords Risk Personal data 112

Troy Hunt

MARCH 3, 2021

Most organisation begin with "we take the security of your data seriously", layer on lawyer speak, talk about credit cards not being exposed and then promise to provide further updates as they come to hand. In total, the file has 43,015 unique email addresses (including mine) which is a far cry less than the total row count.

Passwords 145

Passwords Data breaches Mining Risk 145