search

timb-machine / linux-malware

Tracking interesting Linux (and UNIX) malware. Send PRs
The Unlicense
1.1k stars 91 forks source link

[Intel]: https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/ #778

Open timb-machine opened 6 months ago

timb-machine commented 6 months ago

Area

Malware reports

Parent threat

Reconnaissance, Initial Access, Persistence, Privilege Escalation, Defense Evasion, Impact

Finding

https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/

Industry reference

attack:T1496:Resource Hijacking uses:k8s attack:T1140:Deobfuscate/Decode Files or Information uses:Python attack:T1611:Escape to Host attack:T1562.008:Disable or Modify Cloud Logs attack:T1027.004:Compile After Delivery attack:T1547.006:Kernel Modules and Extensions attack:T1574.006:Dynamic Linker Hijacking uses:ProcessTreeSpoofing attack:T1190:Exploit Public-Facing Application attack:T1595.002:Vulnerability Scanning uses:ModifyServerShell delivery:Redis uses:Redis

Malware reference

XMRig Diamorphine libprocesshider Pnscan Zgrab Masscan

Actor reference

Kiss-A-Dog TeamTNT

Component

Linux

Scenario

Cloud hosted services