
Unpacking the Diicot Malware Targeting Linux Environments

Dec. 18, 2024, 12:11 p.m.

Description

A new malware campaign attributed to Diicot, a Romanian-speaking threat group, has been discovered targeting Linux systems. It shows significant advances over earlier iterations: modified UPX headers with corrupted checksums (which defeat standard unpacking), advanced payload staging, and behaviour that changes with the environment it lands in. Initial access is through weak OpenSSH credentials on Internet-exposed hosts. Once on a machine the malware uses file obfuscation, a reverse shell, persistence mechanisms, and command-and-control communication; it also carries SSH brute-force functionality and potential cryptojacking capability. The attackers have earned over $16,000 from Monero mining alone.

Date

Published: Dec. 17, 2024, 9:59 p.m.

Created: Dec. 17, 2024, 9:59 p.m.

Modified: Dec. 18, 2024, 12:11 p.m.

Indicators

766207c362bd73e2690f9d53c40104fbb22284e5b1fd0ef3a3a746a8179a6c47

2f2a0dbe8d190a3ce521cd494f46e74be061a2a2dd9d56586a12e88286fc54f4

724e3ba433f8330b1cb7a1ebcfe5bfaaf6382fd2d8b0afb5a0b65b11a4b438f0

26a7661e8b3832ad0ba1308e005019179e064c633fc4585199aa21eab006f2d1

d23491dd351f43f0efad5cee2be80c4049349a7695c0e7de1de632c791356183

c43e506c9b964dddf6fd784bf0cc78b4a2396f47257361dc22e1070e249eae16

bda2503fc02b11258399cfabd0778a997654b5bd7d30e5e3f5bef54a74b914e1

b351e3f475681ab2e8db5b2bbd2beaf26e5b4fd082ca08eba6fffbc76370113c

8891e7562eb4db253a8582376083ca99b19457680f9d36a5ba4108790740785e

7bcfcc90d0bd6c85b5b1cc9f287e161020571a0418afb50f2dd67685e9d3a4fc

716778bab5fb2c439a51362be5941a50d587714d58a6faa39eefa96aa79c1561

564b21c293bc9d0885dc7a87dbf488a497c98d2103d91f5bbcfdb476eb8b6f4c

4dce8b3beba71b8b44b6576ff2497ed68c6fafebd046822f0d60f8758238e900

01082cd4733e5f3e2c3f642fa6c0afb5a9489d39ff26a35549263fc0e02ebad3

87.120.116.35

91.92.250.6

185.112.249.20

80.76.51.5

87.120.114.219

87.120.116.242

http://test.digitaldatainsights.org:7777

http://digital.digitaldatainsights.org/.x/black3

http://80.76.51.5/.NzJjOTY/kuak

http://80.76.51.5/.NzJjOTY/.diicot

http://80.76.51.5/.NzJjOTY/.balu

http://slackforbusiness.net/main.php

http://slackforbusiness.net/api.php

web.digitaldatainsights.org

test.digitaldatainsights.org

digital.digitaldatainsights.org

pauza.digitaldatainsights.org

slackcomtop.aab-e-pak.com

wooofi.com

slackforbusiness.net

nextnovatech.com

macpaw.us
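The description and the indicator list above are only useful once swept against host telemetry. The following Python script is an added example, not code from the original page or from the researchers who analysed the campaign: it classifies the indicators by type, reduces URLs to their host, then matches sshd authentication lines (the SSH password guessing, T1110.001) and resolver query lines (the C2 domains) against them. The log lines inside it are constructed for the demonstration, the unbound-style query format and the failure threshold of 5 are assumptions, and only a subset of the indicators is embedded.

```python
"""Sweep sshd and resolver logs against the Diicot indicators on this page.
Added example (not the page's or the researchers' code); the log lines
at the bottom are constructed for the demo, not real captures."""
import re
from collections import Counter
from urllib.parse import urlparse

# Representative subset of the indicator list above.
IOCS = """
766207c362bd73e2690f9d53c40104fbb22284e5b1fd0ef3a3a746a8179a6c47
87.120.116.35
80.76.51.5
87.120.116.242
http://test.digitaldatainsights.org:7777
http://80.76.51.5/.NzJjOTY/kuak
http://slackforbusiness.net/main.php
wooofi.com
macpaw.us
""".split()

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")

def classify(ioc):
    """Return (kind, value); kind is sha256, ipv4, url or domain."""
    ioc = ioc.strip().lower()
    if SHA256_RE.match(ioc):
        return "sha256", ioc
    if IPV4_RE.match(ioc):
        return "ipv4", ioc
    return ("url" if "://" in ioc else "domain"), ioc

def build_sets(iocs):
    """Split a mixed list into hash/IP/domain sets. URLs are reduced to
    their host (port and path dropped) so proxy/DNS logs match on host."""
    hashes, ips, domains = set(), set(), set()
    for ioc in iocs:
        kind, value = classify(ioc)
        if kind == "url":
            value = urlparse(value).hostname
            kind = "ipv4" if IPV4_RE.match(value) else "domain"
        {"sha256": hashes, "ipv4": ips, "domain": domains}[kind].add(value)
    return hashes, ips, domains

def match_domain(name, domains):
    """Exact or parent-domain match, so cdn.wooofi.com hits wooofi.com."""
    parts = name.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in domains for i in range(len(parts) - 1))

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted password for (\S+) from (\S+) port")

def scan_auth_log(lines, ips, threshold=5):
    """Password guessing (T1110.001): flag listed IPs at any volume and any
    source over `threshold` failures; also return logins that succeeded
    from a flagged source, which need incident response, not just a block."""
    failures, accepted = Counter(), []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m.group(2), m.group(1)))  # (source ip, user)
    flagged = {ip for ip, n in failures.items() if ip in ips or n >= threshold}
    return flagged, [(ip, user) for ip, user in accepted if ip in flagged]

QUERY_RE = re.compile(r"info: (\S+) (\S+)\. [A-Z]+ IN")  # assumed unbound-style format

def scan_dns_log(lines, domains):
    """(client, name) for resolver queries hitting a listed domain (T1071.001)."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and match_domain(m.group(2), domains):
            hits.append((m.group(1), m.group(2)))
    return hits

HASHES, IPS, DOMAINS = build_sets(IOCS)

# Constructed sample logs.
SAMPLE_AUTH_LOG = """\
Dec 17 21:40:01 host sshd[1201]: Failed password for invalid user admin from 87.120.116.35 port 51022 ssh2
Dec 17 21:40:03 host sshd[1203]: Failed password for root from 87.120.116.35 port 51030 ssh2
Dec 17 21:40:05 host sshd[1205]: Accepted password for root from 87.120.116.35 port 51041 ssh2
Dec 17 21:41:00 host sshd[1210]: Failed password for alice from 10.0.0.7 port 40000 ssh2
Dec 17 21:41:02 host sshd[1211]: Accepted password for alice from 10.0.0.7 port 40001 ssh2
""".splitlines()
SAMPLE_DNS_LOG = """\
Dec 17 21:42:10 host unbound[550]: info: 10.0.0.9 test.digitaldatainsights.org. A IN
Dec 17 21:42:11 host unbound[550]: info: 10.0.0.9 cdn.wooofi.com. A IN
Dec 17 21:42:12 host unbound[550]: info: 10.0.0.9 example.com. A IN
""".splitlines()

if __name__ == "__main__":
    flagged, compromised = scan_auth_log(SAMPLE_AUTH_LOG, IPS)
    print("guessing sources:", sorted(flagged), "logins from them:", compromised)
    print("lookups of listed domains:", scan_dns_log(SAMPLE_DNS_LOG, DOMAINS))
```

Run it directly to see the sample sweep; in practice feed it the host's sshd log and the resolver's query log. Any accepted login from a flagged source should be treated as a compromised host rather than a blocked attempt, because the persistence and C2 stages described above follow the login.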

Attack Patterns

XMRig

Diicot

T1053.003 (Scheduled Task/Job: Cron)

T1110.001 (Brute Force: Password Guessing)

T1027.002 (Obfuscated Files or Information: Software Packing)

T1071.001 (Application Layer Protocol: Web Protocols)

T1041 (Exfiltration Over C2 Channel)

Additional Information

Romania