Tag: tor

5 Attack Reports | 0 Vulnerabilities

Attack reports

Cyberattack: UAC-0125 using the theme "Army+" (CERT-UA#12559)

A cyber attack attributed to UAC-0125 has been identified, involving websites mimicking the official 'Army+' app page. These sites, hosted on Cloudflare Workers, prompt users to download a malicious executable. The EXE file, an NSIS installer, contains a decoy .NET file, Python interpreter, Tor fil…
sandworm
openssh
cloudflare workers
nsis
tor
2024-12-20
apt44
uac-0125
army+
Published: December 20, 2024
Downloadable IOCs: 6

Raspberry Robin Analysis

Raspberry Robin, a malicious downloader discovered in 2021, has been circulating for years, primarily spreading through infected USB devices. It stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods, and privilege escalation exploits. The malware uses mu…
obfuscation
privilege-escalation
anti-analysis
tor
2024-11-19
raspberry robin
usb-spreading
network-propagation
CVE-2024-26229
CVE-2021-31969
Published: November 19, 2024
Linked vulnerabilities : CVE-2021-31969, CVE-2024-26229
Downloadable IOCs: 126

Unmasking Prometei: A Deep Dive Into MXDR Findings

This analysis examines the Prometei botnet's infiltration of a customer's system through a targeted brute force attack. Leveraging Trend Vision One, the investigation traced the botnet's detailed installation routine and stealthy tactics. Prometei, a modular malware family used for cryptocurrency m…
botnet
credential theft
lateral movement
dga
web shell
tor
cryptocurrency mining
2024-10-23
prometei
CVE-2021-27065
CVE-2021-26858
CVE-2019-0708
Published: October 23, 2024
Downloadable IOCs: 0

perfctl: A Stealthy Malware Targeting Millions of Linux Servers

A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
linux
rootkit
evasion
privilege-escalation
persistence
cryptomining
CVE-2023-33246
2024-10-04
tor
CVE-2021-4043
proxy-jacking
perfctl
Published: October 4, 2024
Linked vulnerabilities : CVE-2023-33246, CVE-2021-4034, CVE-2021-4043
Downloadable IOCs: 9

From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking

Two campaigns targeting Selenium Grid, a popular web testing tool, have been identified. The attacks exploit misconfigured instances lacking authentication to deploy cryptominers and proxyjacking tools. The first campaign injects a base64 encoded Python script to download and execute a reverse shel…
cryptomining
vulnerability exploitation
2024-09-17
tor
proxyjacking
perfcc
iproyal pawns
gsocket
traffmonetizer
selenium grid
Published: September 17, 2024
Linked vulnerabilities : CVE-2021-4043
Downloadable IOCs: 18
Click here to see more Attack Reports