About The Project

Last week I looked at a cryptojacking campaign that leveraged a curl trick in the bash dropper to resolve IPv4 addresses from large integer values. Revisiting the bash dropper, I discovered the threat actor has updated the script to download and execute a command-and-control payload called “Termite” from the Platypus GitHub project. This blog walks through the analysis of the Termite agent and how to statically identify the upstream IPv4 address in use.