Cryptomining botnet exploiting exposed Docker API
The botnet exploits an exposed Docker API to drop and execute a shell script as the initial payload:

sha256 of cronb.sh: 7d7d0b4353401225e8da8424a7e1c5edaa091b256bdd48b7dcb158befca0b205

Attack Summary:

- disables Alibaba (Aliyun) Cloud monitor, SELinux and AppArmor
- clears cron jobs
- kills competing malware and existing miners on victim host
- looks for SSH keys and AWS creds (Team-TNT code reuse)
- uses Diamorphine and […]