Tag: remote api
2 attack reports | 0 vulnerabilities
Attack reports
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
A malicious actor has been observed targeting Docker remote API servers to deploy the SRBMiner cryptominer for mining XRP cryptocurrency. The attacker uses the gRPC protocol over h2c (cleartext HTTP/2) to evade security measures and execute cryptomining operations on Docker hosts. The…
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64-encoded payload. The payload escapes the container, creates a bash scrip…