Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Intel]: https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/ #778

Open
timb-machine opened this issue Jan 18, 2024 · 0 comments
Open

[Intel]: https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/ #778

timb-machine opened this issue Jan 18, 2024 · 0 comments
Assignees
@timb-machine
Labels
confirmed

Comments

@timb-machine
Copy link
Owner

timb-machine commented Jan 18, 2024
edited
Loading

Area

Malware reports

Parent threat

Reconnaissance, Initial Access, Persistence, Privilege Escalation, Defense Evasion, Impact

Finding

https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/

Industry reference

attack:T1496:Resource Hijacking
uses:k8s
attack:T1140:Deobfuscate/Decode Files or Information
uses:Python
attack:T1611:Escape to Host
attack:T1562.008:Disable or Modify Cloud Logs
attack:T1027.004:Compile After Delivery
attack:T1547.006:Kernel Modules and Extensions
attack:T1574.006:Dynamic Linker Hijacking
uses:ProcessTreeSpoofing
attack:T1190:Exploit Public-Facing Application
attack:T1595.002:Vulnerability Scanning
uses:ModifyServerShell
delivery:Redis
uses:Redis

Malware reference

XMRig
Diamorphine
libprocesshider
Pnscan
Zgrab
Masscan

Actor reference

Kiss-A-Dog
TeamTNT

Component

Linux

Scenario

Cloud hosted services
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timb-machine timb-machine

Labels
confirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@timb-machine