About The Project Today we’re going to look at a couple neat curl tricks I found in a recent bash dropper I was analyzing that resulted in surprisingly low VirusTotal detentions! As previously blogged about([1][2][3]), Arch Cloud Labs runs a handful of honeypots to collect attacker data to hone my skills in DFIR topics . While this was just another Cryptominer targeting an exposed docker socket, the initial dropper script used a neat trick with curl that I think was worth a quick write up.
