AT&T Cybersecurity has conducted a technical analysis of the common malicious implants used by threat actors targeting vulnerable Exim, Confluence and WebLogic servers. Upon exploitation, malicious implants are deployed on the compromised machine. While most of the attacks described are historical, we at AT&T Cybersecurity are continuing to see new attacks, which can be further researched here.
The main goal of the malicious implants thus far has been mining Monero cryptocurrency. For the complete, detailed analysis of how an active cryptomining worm works, including scripts, click here.
This guest blog is part of a Channel Futures sponsorship.
From https://mymarketlogic.com/blog/anatomy-of-an-active-cryptomining-worm/