DTLMiner

Here is the timeline of DTLMiner. I work for Rising Antivirus and monitor this malware. For more details, please refer to the links at the end of this blog.

2020.06.03

Linux
- Add code for platform check (x86_64 XMRig only)
- Add code to remove other miners (process/file/cmdline/network)
- Try to spread through SSH public key login

Windows
- Update Lateral Movement
- Add Redis unauthorized access check & RCE (Linux only)

2020.06.02
- Update 1st-stage script
- Add code to uninstall specific security products (using wmic)

2020.06.01
- When SSH brute force succeeds, DTLMiner sends a command through plink to make the compromised host download and execute a specific bash script (mainly for mining cryptocurrency)

2020.05.28
- Remove related calls to the SSH Brute module
- RDP Brute module fully recovered, along with a new method to send commands into RDP

2020.05.25
- Add a new domain, switch main domain to t.amynx.com

2020.05.21
- Add a new domain, switch main domain to t.awcna.com
- Update Lateral Movement
- Add SSH Brute module
  - Brute force only, does not spread

2020…