Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Expected cyber-crime techniques for 2019
November 26, 2018
Rewterz Threat ADVISORY – CVE-2018-19406 & CVE-2018-19407 – Linux Kernel Denial of Service vulnerabilities
November 27, 2018
A New Linux crypto-miner executes shell on Linux and exploits privilege escalation vulnerabilities to steal root password and disables antivirus.
IMPACT: MEDIUM
PUBLISH DATE: 26-11-2018
OVERVIEW
It has been identified that a Linux crypto-miner has the ability to steal root passwords and disable the system’s antivirus.
The trojan first identifies and kills all rival cryptocurrency-mining malware families, and then downloads and starts its own Monero-mining operation. Trojan also installs a rootkit and another strain of malware that can execute DDoS attacks.
ANALYSIS
This new malware strain doesn’t have a distinctive name and is being tracked by its generic detection name of Linux.BtcMine.174.
But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes.
The trojan itself is a giant shell script of over 1,000 lines of code. This script is the first file executed on an infected Linux system. The first thing this script does is to find a folder on disk to which it has write permissions so it can copy itself and later use to download other modules.
Once the trojan has a foothold on the system it uses one of two privilege escalation exploits CVE-2016-5195 (also known as Dirty COW) and CVE-2013-2094 to get root permissions and have full access to the OS.
INDICATORS OF COMPROMISE
SHA1 file hashes for the trojan’s various components are available on GitHub.
https://github.com/DoctorWebLtd/malware-iocs/tree/master/Linux.BtcMine.174
Here’s further analysis of the Trojan in case system admins want to scan their systems.
https://vms.drweb.com/virus/?i=17645163
AFFECTED PRODUCTS
Red Hat Virtualization 4.x Red Hat Enterprise Linux Desktop 7
Red Hat Enterprise Linux HPC Node 7
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux Workstation 7
UPDATES
Red Hat Network provides the updated packages via the following links.
https://access.redhat.com/errata/RHSA-2018:3092
If you think you’re a victim of a cyber-attack, immediately send an email to soc@rewterz.com for a quick response.