About The Project Today we’re going to look at a couple of neat curl tricks I found in a recent bash dropper I was analyzing that resulted in surprisingly low VirusTotal detections! As previously blogged about ([1][2][3]), Arch Cloud Labs runs a handful of honeypots to collect attacker data to hone my skills in DFIR topics. While this was just another cryptominer targeting an exposed Docker socket, the initial dropper script used a neat trick with curl that I think was worth a quick write-up.
About The Project Continuing from the last blog post that discussed malicious Linux cryptocurrency miners, I have discovered new activity that blends two of my previous cryptocurrency mining malware (aka cryptojacking) blog posts. By taking a deeper look at infrastructure and code artifacts, some interesting parallels can be drawn between the same actor(s) that Trend Micro refers to as Skidmap and another Golang cryptojacking malware variant that Palo Alto has just recently deemed “Watchdog...