Tag: badpotato

3 attack reports | 0 vulnerabilities

Attack reports

DragonRank, a Chinese-speaking SEO manipulator service provider

Published: September 12, 2024

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

Downloadable IOCs 35

plugx
black
mimikatz
badpotato
metasploit
2024-09-12
illusion
dragonrank
plugx loader
badiis malware
c cd

Analysis of CoinMiner Attacks Targeting Web Servers

Published: June 24, 2024

The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…

Downloadable IOCs 59

xmrig
coinminer
privilege escalation
earthworm
badpotato
godpotato
2024-06-24
webshell
netcat
cpolar
fscan
printnotifypotato

Analysis of Coin Miner Attack Case Against Domestic Web Server

Published: June 18, 2024

ASEC has recently confirmed an attack on a domestic medical institution to install a coin miner. The web server that was targeted was a Windows IIS server, and the path name on which the web shell was uploaded suggests that it is a system with the Picture Archiving and Communication System (PACS) p…

Downloadable IOCs 10

xmrig
2024-06-18
godzilla
aspxspy
badpotato
CVE-2021-1732
coin miner
certutil
iis sever
caidao
chopper
behinder
godpotato
ringq

DragonRank, a Chinese-speaking SEO manipulator service provider

Published: September 12, 2024

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

Downloadable IOCs 35

plugx
black
mimikatz
badpotato
metasploit
2024-09-12
illusion
dragonrank
plugx loader
badiis malware
c cd

Analysis of CoinMiner Attacks Targeting Web Servers

Published: June 24, 2024

The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…

Downloadable IOCs 59

xmrig
coinminer
privilege escalation
earthworm
badpotato
godpotato
2024-06-24
webshell
netcat
cpolar
fscan
printnotifypotato

Analysis of Coin Miner Attack Case Against Domestic Web Server

Published: June 18, 2024

ASEC has recently confirmed an attack on a domestic medical institution to install a coin miner. The web server that was targeted was a Windows IIS server, and the path name on which the web shell was uploaded suggests that it is a system with the Picture Archiving and Communication System (PACS) p…

Downloadable IOCs 10

xmrig
2024-06-18
godzilla
aspxspy
badpotato
CVE-2021-1732
coin miner
certutil
iis sever
caidao
chopper
behinder
godpotato
ringq

DragonRank, a Chinese-speaking SEO manipulator service provider

Published: September 12, 2024

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

Downloadable IOCs 35

plugx
black
mimikatz
badpotato
metasploit
2024-09-12
illusion
dragonrank
plugx loader
badiis malware
c cd

Analysis of CoinMiner Attacks Targeting Web Servers

Published: June 24, 2024

The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…

Downloadable IOCs 59

xmrig
coinminer
privilege escalation
earthworm
badpotato
godpotato
2024-06-24
webshell
netcat
cpolar
fscan
printnotifypotato

Analysis of Coin Miner Attack Case Against Domestic Web Server

Published: June 18, 2024

ASEC has recently confirmed an attack on a domestic medical institution to install a coin miner. The web server that was targeted was a Windows IIS server, and the path name on which the web shell was uploaded suggests that it is a system with the Picture Archiving and Communication System (PACS) p…

Downloadable IOCs 10

xmrig
2024-06-18
godzilla
aspxspy
badpotato
CVE-2021-1732
coin miner
certutil
iis sever
caidao
chopper
behinder
godpotato
ringq
» Click here to see all Attack Reports «