🐧 Network traffic always comes in handy when analyzing #Linux #malware
Check out hands-on guide on how to detect C2 calls, data theft, and DDoS attacks

Examples include #Mirai and #Gafgyt botnets 👇
https://any.run/cybersecurity-blog/network-traffic-analysis-in-linux/?utm_source=mastodon&utm_medium=post&utm_campaign=network_traffic_linux&utm_term=250225&utm_content=linktoblog

#cybersecurity #infosec

Malware Traffic Analysis in Linux: Hands-on Guide with Examples - ANY.RUN's Cybersecurity Blog

Learn to identify and analyze Linux cyber threats by their network traffic activities and see how you can speed up detection with ANY.RUN.

ANY.RUN's Cybersecurity Blog

MalwareBazaar will now parse shell scripts automatically and will try to identify any payload URLs present in it 📄🔍👁️ This will make your life easier when hunting for Linux/Unix malware such as #Mirai and #Gafgyt 💪

Here's an example:
👉 https://bazaar.abuse.ch/sample/ec46f105b049d6674acbf45639883623f2f1cb3eed50eedb4b0e25a27a7b67e2/


Gafgyt Malware Broadens Its Scope in Recent Attacks

Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior.

Trend Micro

A new #Gafgyt botnet variant is exploiting weak SSH passwords to mine #cryptocurrency using compromised GPU power.

https://thehackernews.com/2024/08/new-gafgyt-botnet-variant-targets-weak.html

Secure your servers now—implement strong SSH passwords and continuous monitoring.

#Cybersecurity #CloudSecurity

New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining

Discover how the Gafgyt botnet targets cloud servers with weak SSH passwords for cryptocurrency mining, exploiting GPU power in evolving cyber threats

The Hacker News
Your ultimate source for cybersecurity news: the #1 trusted platform

In the fast-changing world of cybersecurity, it is essential to have a reliable source of news and information. For more than 4.5 million followers

Tech Nieuws
Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread | FortiGuard Labs

FortiGuard Labs unveils Moobot, Miori, AGoent, Gafgyt and more exploiting TP-Link Archer AX21 vulnerability CVE-2023-1389. Learn more.…

Fortinet Blog

Fortinet warns that multiple botnets continue exploiting CVE-2023-1389 (8.8 high, disclosed 15 March 2023, added to CISA's KEV Catalog 01 May 2023), a TP-Link command injection flaw, for wide-scale spread. Botnets include Moobot, Miori, the Golang-based agent “AGoent,” and the Gafgyt variant. The blog post explores their infection traffic patterns and offers insights into these botnets. 🔗 https://www.fortinet.com/blog/threat-research/botnets-continue-exploiting-cve-2023-1389-for-wide-scale-spread

#CVE_2023_1389 #TPLink #eitw #activeexploitation #botnet #moobot #miroi #agoent #mirai #gafgyt #threatintel #IOC

Gafgyt botnet is targeting EoL Zyxel routers

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router. A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. The flaw is a command injection vulnerability that resides in the Remote System Log […]

Security Affairs

Our Malware study for the calendar year 2022 is out!

Headline: Interisle reports that malware hosting activity in 2022 was most intense in China, India and United States

Information stealing and ransomware continue to rise, as does misuse of cloud and file sharing services for malware distribution. Also...

• Endpoint malware activity increased 50% over 2021. The Quackbot banking trojan was the most reported endpoint malware.

• IoT malware activity decreased in 2022. Mozi IoT malware reporting sharply declined in early 2022 but showed signs of renewed activity in 4Q 2022.

• 60% of reports identified malware that attacks or probes legitimate web sites. Nearly two-thirds of the reported probes were vulnerability scanners. PHP forum spammers accounted for one-third of attackware reported.

• The use of domain names in malware URLs grew sharply. Interisle found a 121% increase in the use of domain names in 4Q 2022.

• Attackers continued to exploit file sharing services and code repositories to distribute malware.

https://www.einpresswire.com/article/621395330/interisle-reports-that-malware-hosting-activity-in-2022-was-most-intense-in-china-india-and-united-states?r=paDW4MBm7CwDE0LM0l

#malware #cybercrime #quackbot #gafgyt #emotet #attackware

Interisle reports that malware hosting activity in 2022 was most intense in China, India and United States

Information stealing and ransomware continue to rise, as does misuse of cloud and file sharing services for malware distribution.

EIN Presswire
Botnets are taking over millions of routers - yours too!

Do you have a router from D-Link, LG, Belkin, Zyxel, Asus or Netgear? It may already be part of a botnet controlled by hackers.

Tarnkappe.info