Unmasking Prometei: A Deep Dive Into MXDR Findings
Oct. 24, 2024, 10:21 a.m.
Description
This analysis examines the Prometei botnet's infiltration of a customer's system through a targeted brute force attack. Leveraging Trend Vision One, the investigation traced the botnet's detailed installation routine and stealthy tactics. Prometei, a modular malware family used for cryptocurrency mining and credential theft, spreads by exploiting vulnerabilities and using PowerShell scripts. The botnet downloads compressed archives containing various components to maintain control over infected devices. Key findings include the use of a domain generation algorithm for command and control, deployment of web shells, and connections to the Tor network. The threat actors behind Prometei are likely Russian-speaking individuals, as evidenced by language settings and targeting behaviors.
Date
Published: Oct. 23, 2024, 5:36 p.m.
Created: Oct. 23, 2024, 5:36 p.m.
Modified: Oct. 24, 2024, 10:21 a.m.
Attack Patterns
Prometei
T1021.002
T1569.002
T1021.001
T1018
T1059.001
T1572
T1095
T1016
T1082
T1057
T1105
T1083
T1071
T1047
T1053
T1041
T1190
T1133
T1078
T1003
Additional Information
Technology
Finance
Government
Indonesia
Brazil