![]() The payload delivered causes the vulnerable machine to download and execute a malicious shell-script. The infection starts with the exploitation of a Remote Code Execution (RCE) vulnerability. ![]() In this post, we examine how this data is used by their campaign to help distribute their malware, ensure persistence, and likely serve as an uncensorable defense against take-down efforts, as well as the concerning implications of these findings. The operators of a long-running crypto-mining botnet campaign began creatively disguising their backup C2 IP address on the Bitcoin blockchain. ![]() Recent infection attempts against Akamai SIRT's custom honeypots uncovered an interesting means of obfuscating command and control (C2) infrastructure information. It's a simple, yet effective, way to defeat takedown attempts. A recent piece of malware from a known crypto mining botnet campaign has started leveraging Bitcoin blockchain transactions in order to hide its backup C2 IP address.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |