
Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

Prometei is a crypto-mining botnet that recently appeared in the threat landscape; it exploits the Microsoft Windows SMB protocol for lateral movement. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movement.


ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

Over the past year, ExCobalt targeted Russian organizations in the following industries: metallurgy, telecommunications, mining, information technology, government and software development. Cobalt’s hallmark was the use of the CobInt tool, the same tool that ExCobalt began using in 2022.


Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

The botnet shell script downloads an ELF file named “pty3” from a different IP address, likely a sample of Muhstik malware. top, which was observed in Muhstik botnet activities, and communicates via Internet Relay Chat. The script also cleans up the temporary files for obfuscation.


Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

This directory contains the crypto mining module named kswapd0. In this folder, the first one to be executed is the file “a” (Figure 5 in the original article shows the content of the “a” file). The executed crypto miner is the file named “kswapd0”, based on the famous XMRIG Monero crypto miner.


Crooks exploit exposed Docker APIs to build AESDDoS botnet

Security Affairs

“In this new attack, the threat actor first externally scans a given IP range by sending a TCP SYN packet to port 2375, the default port used for communicating with the Docker daemon.” “The output of this command is saved into a file named ips.txt, which is then fed into the Docker.exe file.
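The first step quoted above, a sweep for hosts answering on TCP/2375, is exactly the check a defender should run against their own address space. The script below is an added example, not code from the article or from the attacker's tooling: it uses a full TCP connect rather than a raw SYN probe, then asks the Docker Engine API for GET /version, and only reports a host as exposed when the reply carries the ApiVersion field a real daemon returns. The fake daemon it starts on loopback is a constructed stand-in so the example runs offline; all function names are this example's own.

```python
#!/usr/bin/env python3
"""Audit hosts for an unauthenticated Docker Engine API on TCP/2375.

Added example, not code from the article. A daemon that answers
GET /version over plaintext without auth can be driven to start
arbitrary containers, which is how AESDDoS was deployed.
"""
import http.client
import json
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Iterable, List

DOCKER_PORT = 2375  # default plaintext daemon port (2376 is the TLS port)


def probe_docker_api(host: str, port: int = DOCKER_PORT, timeout: float = 2.0) -> Dict:
    """Return {'host','port','reachable','exposed','version'} for one target."""
    result = {"host": host, "port": port, "reachable": False,
              "exposed": False, "version": None}
    try:
        # Full connect, not a SYN scan: we want to talk HTTP afterwards anyway.
        with socket.create_connection((host, port), timeout=timeout):
            result["reachable"] = True
    except OSError:
        return result  # closed or filtered: nothing more to learn
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/version")
        resp = conn.getresponse()
        body = resp.read()
        if resp.status == 200:
            info = json.loads(body)
            # A real Docker daemon reports ApiVersion; anything else on
            # this port is some other service and is not flagged.
            if "ApiVersion" in info:
                result["exposed"] = True
                result["version"] = info.get("Version")
    except (OSError, ValueError):
        pass  # not HTTP, or not JSON: treat as "reachable, not Docker"
    finally:
        conn.close()
    return result


def audit(hosts: Iterable[str], port: int = DOCKER_PORT) -> List[Dict]:
    """Probe every host in the list (e.g. the contents of an ips.txt)."""
    return [probe_docker_api(h, port) for h in hosts]


# --- Constructed stand-in for an exposed daemon, so the script runs offline ---
class _FakeDockerHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Constructed reply shaped like a real /version response.
        body = json.dumps({"Version": "24.0.0", "ApiVersion": "1.43"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_fake_daemon() -> int:
    """Serve the fake /version on an ephemeral loopback port; return the port."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeDockerHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


def closed_port() -> int:
    """Pick a loopback port that is currently not listening (negative case)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    for r in audit(["127.0.0.1"], start_fake_daemon()) + audit(["127.0.0.1"], closed_port()):
        state = ("EXPOSED" if r["exposed"]
                 else "reachable, not Docker" if r["reachable"] else "closed")
        print(f"{r['host']}:{r['port']} -> {state} {r['version'] or ''}")
```

Run it against a real range by replacing the loopback list with the hosts you own and dropping the port override; anything reported as EXPOSED should be moved behind TLS client certificates (port 2376) or a Unix socket.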


Perfctl Malware

Schneier on Security

The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency. The unknown developers of the malware gave the process a name that combines the perf Linux monitoring tool and ctl, an abbreviation commonly used with command line tools.
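Both the Outlaw miner (named kswapd0, after a genuine kernel thread) and Perfctl (named after the perf tool) rely on a process name that blends into a process listing. The script below is an added example, not code from either article: it flags a user-space process that wears a kernel-thread or system-tool name but, unlike a real kernel thread, has an on-disk executable and a non-empty command line, and additionally notes when that executable sits in a scratch or hidden directory or has been unlinked. The watch-list of names and the sample process records are constructed for the example, not captured from a real host.

```python
#!/usr/bin/env python3
"""Flag user-space processes masquerading as kernel threads or system tools.

Added example, not code from the articles. A genuine kernel thread such as
kswapd0 has no executable: /proc/<pid>/exe does not resolve and
/proc/<pid>/cmdline is empty. A miner that merely names itself kswapd0 or
perfctl still has a real ELF path, often under /tmp, /dev/shm or a dot-dir.
"""
import os
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Assumed watch-list of names worth checking; extend for your environment.
SUSPECT_NAMES = {"kswapd0", "perfctl", "kthreadd", "ksoftirqd", "kworker"}
# Locations a legitimate system binary should never live in ("/." catches dot-dirs).
SUSPECT_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/", "/.")


@dataclass
class Proc:
    pid: int
    comm: str            # /proc/<pid>/comm (kernel truncates to 15 chars)
    exe: Optional[str]   # resolved /proc/<pid>/exe, None when unresolvable
    cmdline: str         # /proc/<pid>/cmdline with NULs replaced by spaces


def classify(p: Proc) -> Optional[str]:
    """Return a reason string if the process looks like an impostor, else None."""
    base = p.comm.rstrip("0123456789/:")  # kworker/0:1 -> kworker
    if base not in SUSPECT_NAMES and p.comm not in SUSPECT_NAMES:
        return None
    if p.exe is None and not p.cmdline:
        return None  # genuine kernel thread: no binary, empty cmdline
    reasons = []
    if p.exe is not None:
        reasons.append(f"has on-disk executable {p.exe}")
        if any(d in p.exe for d in SUSPECT_DIRS):
            reasons.append("executable lives in a scratch or hidden directory")
        if p.exe.endswith(" (deleted)"):
            reasons.append("executable was unlinked after start")
    if p.cmdline:
        reasons.append(f"non-empty cmdline {p.cmdline!r}")
    return "; ".join(reasons)


def read_procfs() -> Iterator[Proc]:
    """Enumerate live processes from /proc (Linux only).

    Without root, readlink on another user's exe fails with EACCES; such a
    process is then judged on its cmdline alone, which still catches miners.
    """
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
            with open(f"/proc/{pid}/cmdline", "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").strip().decode(errors="replace")
        except OSError:
            continue  # process exited while we were reading it
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            exe = None  # kernel thread, or permission denied
        yield Proc(pid, comm, exe, cmdline)


def scan(procs) -> List[Tuple[int, str, str]]:
    """Return (pid, comm, reason) for every process classify() flags."""
    return [(p.pid, p.comm, r) for p in procs if (r := classify(p))]


# Constructed sample records (not captured from a real host).
SAMPLE = [
    Proc(57, "kswapd0", None, ""),                                       # real kernel thread
    Proc(4311, "kswapd0", "/tmp/.cache/kswapd0", "./kswapd0 -o pool"),   # Outlaw-style impostor
    Proc(5120, "perfctl", "/root/.config/perfctl (deleted)", "perfctl"), # unlinked binary
    Proc(901, "kworker/0:1", None, ""),                                  # real kernel thread
    Proc(1337, "sshd", "/usr/sbin/sshd", "/usr/sbin/sshd -D"),           # ordinary daemon
]

if __name__ == "__main__":
    procs = read_procfs() if os.path.isdir("/proc/self") else SAMPLE
    for pid, comm, reason in scan(procs):
        print(f"[!] pid {pid} ({comm}): {reason}")
```

On a live host the script reads /proc directly; elsewhere it falls back to the constructed sample. Cross-check any hit against the process's parent (kernel threads descend from kthreadd, pid 2) before acting on it.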


Gab Has Been Breached

Troy Hunt

This (almost always) identifies you, it's literally how people communicate with *you*! In total, the file has 43,015 unique email addresses (including mine) which is a far cry less than the total row count. This appears to be precisely what the file name suggests - statuses posted to Gab. Coincidence?
