About The Project Continuing from the last blog post that discussed malicious Linux Cryptocurrency miners, I have discovered new activity that blends two of my previous Cryptocurrency mining malware (aka Cryptojacking) blog posts. By taking a deeper look at infrastructure, and code artifacts some interesting parallels can be drawn between the same actor(s) that Trend Micro refers to as Skidmap and another Golang Cryptojacking malware variant that Palo Alto has just recently deemed “Watchdog...| Arch Cloud Labs
About the Project Since July of 2020, I have been running a “honeypot” of sorts made by anthok to capture all requests coming in on specific ports. By listening on ports commonly used by databases such as Elasticsearch or Redis, we’ve been able to observe a lot of bot behavior. Most of the requests resulted in trying to gain an initial foothold onto the environment to run a bash script to bring down their stage-1 malware.| Arch Cloud Labs
About The Project Given the recent news of the Meow attacks, I was curious about obtaining malware data related to Elasticsearch attacks. I’m a huge fan of Elasticsearch and use it heavily in my side-projects. I’m aware of the dangers of exposing a fresh database install on the open internet. So I simply set up a netcat listener and redirected the output to a file. I was pleasantly surprised at how successful this was.| Arch Cloud Labs