SecureList

JUNE 5, 2023

It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. To do so, it performs a DNS request to don-dns[.]com com (a decrypted HEX string) through Google DNS (8.8.8.8,

Cryptocurrency 78

Cryptocurrency DNS Malware Encryption 78

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS 126

DNS Cryptocurrency Internet Internet 126

Krebs on Security

MARCH 28, 2021

The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how. I’d been doxed via DNS. ” What was the subdomain I X’d out of his message?

Hacking 352

Hacking Cybercrime DNS Antivirus 352

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. .

DNS 96

DNS Antivirus Cryptocurrency Software 96

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware 107

Malware DNS Encryption Cryptocurrency 107

CyberSecurity Insiders

SEPTEMBER 21, 2021

The campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more. As of August 30, 2021, many malware samples still have zero antivirus (AV) detections and others have low detection rates. Windows component – Set up a cryptocurrency miner. Background.

Cryptocurrency 84

Cryptocurrency Malware Passwords Authentication 84

Security Affairs

APRIL 9, 2019

The installed payload actually is a Base64 encoded PE32 file, file-lessly stored within the registry hive to avoid antivirus detection. LimeRAT is a powerful Remote Administration Tool publicly available to any internet user, it is an open-source project freely available on Github. Keylogger module Backdoor and RDP access.

Malware 70

Malware Advertising DNS Antivirus 70