Rewterz Threat Alert – ServHelper Backdoor – Active IOCs
December 20, 2021
Severity
High
Analysis Summary
Muhstik malware has been around since 2017; we assume that it is based on a fork of the Mirai code, and it is currently affecting cloud workloads by way of several web application exploits. The botnet is monetized through cryptocurrency mining and DDoS-for-hire services. It targets a wide variety of web applications, including WordPress, Drupal, WebDAV, and Oracle's WebLogic application server, as well as an assortment of Internet-of-Things (IoT) and Small Office/Home Office (SOHO) devices. Muhstik uses its botnet to mount sizable distributed denial-of-service (DDoS) attacks, and it also installs several cryptocurrency miners on affected systems.
Impact
- Cryptocurrency Mining
- DDoS
Indicators of Compromise
MD5
- 7d3f686801ae3f90f36aae17f7a66478
- fe5177cbcb78d1aaac9e5adbb9928a74
SHA-256
- e20806791aeae93ec120e728f892a8850f624ce2052205ddb3f104bbbfae7f80
- b30702b6432c4a5ca65ebc060b72f28ba71f60b20bb38b6f858af5e6aa61896f
SHA-1
- 237315820fe77880e892d5c30b2f5fde7e5f6d64
- ca78abb998f6a1a2e6e6462cd9e01e44f790f815
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
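The second remediation step, searching your environment for the hashes listed above, can be done with a small standalone scanner. The script below is an added example, not Rewterz tooling: it embeds the MD5, SHA-1 and SHA-256 values from this alert, hashes every regular file under a directory in chunks (so large files do not need to fit in memory), and reports any file whose digest matches. The directory it scans and the output format are assumptions for the example; the `scan_tree` function accepts any IOC set, so the same code can be reused for later alerts.

```python
import hashlib
import os
import sys
from pathlib import Path

# IOC hashes taken from the alert above, lowercased so comparisons are case-insensitive.
MUHSTIK_IOCS = {
    "md5": {
        "7d3f686801ae3f90f36aae17f7a66478",
        "fe5177cbcb78d1aaac9e5adbb9928a74",
    },
    "sha1": {
        "237315820fe77880e892d5c30b2f5fde7e5f6d64",
        "ca78abb998f6a1a2e6e6462cd9e01e44f790f815",
    },
    "sha256": {
        "e20806791aeae93ec120e728f892a8850f624ce2052205ddb3f104bbbfae7f80",
        "b30702b6432c4a5ca65ebc060b72f28ba71f60b20bb38b6f858af5e6aa61896f",
    },
}


def hash_file(path):
    """Return MD5, SHA-1 and SHA-256 hex digests of a file, read in 1 MiB chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def match_hashes(digests, iocs=MUHSTIK_IOCS):
    """Return (algorithm, digest) pairs from `digests` that appear in the IOC set."""
    hits = []
    for alg, digest in digests.items():
        normalized = digest.lower()
        if normalized in iocs.get(alg, set()):
            hits.append((alg, normalized))
    return hits


def scan_tree(root, iocs=MUHSTIK_IOCS):
    """Walk `root` and return {file_path: [matches]} for every file hitting an IOC.

    Unreadable files (permissions, sockets, vanished files) are skipped rather than
    aborting the whole scan, which is what you want on a live host.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if not path.is_file():
                    continue
                matches = match_hashes(hash_file(path), iocs)
            except OSError:
                continue
            if matches:
                hits[str(path)] = matches
    return hits


if __name__ == "__main__":
    # Example usage (assumed): python scan_iocs.py /path/to/scan
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for file_path, matches in scan_tree(target).items():
        for alg, digest in matches:
            print(f"MATCH {alg} {digest} {file_path}")
```

A hit on any one algorithm is enough to flag a file; the script checks all three because the alert lists all three, and because an analyst often only has one of them for a given sample. Matching on file hashes catches the exact samples in this alert, not recompiled variants, so treat a clean scan as absence of these specific binaries rather than absence of Muhstik.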