• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – ICS: Emerson OpenEnterprise Multiple Vulnerabilities
May 20, 2020
Rewterz Threat Alert – Greenbug Targets Pakistani Telecom Sector
May 20, 2020

Rewterz Threat Alert – Self-Hiding Eleethub Mining Botnet

May 20, 2020

Severity

Medium

Analysis Summary

Using the name “Los Zetas”, alluding to a Mexican criminal organization, a threat group has unleashed a new cryptocurrency BTC miner. It is hypothesized that, should this malware grow, it could make thousands of dollars within a period of one to two years. A compromised device downloads a malicious shell script which contains the commands to download the botnet client, create directories in which to copy the files, and execute the downloaded files. This allows the malware to communicate with an IRC server. The mining operation is concealed with a rootkit. This particular malware replaces the PS with a crafted version but filters out xmrig and emech processes and other keywords. Once all the files from the rootkit have been downloaded and installed, the malicious scripts will run and a connection to an IRC server is made.

Impact

Mining cryptocurrency

Indicators of Compromise

SHA-256

  • 7ed8fc4ad8014da327278b6afc26a2b4d4c8326a681be2d2b33fb2386eade3c6
  • dbef55cc0e62e690f9afedfdbcfebd04c31c1dcc456f89a44acd516e187e8ef6
  • d9001aa2d7456db3e77b676f5d265b4300aaef2d34c47399975a4f1a8f0412e4
  • 14c351d76c4e1866bca30d65e0538d94df19b0b3927437bda653b7a73bd36358
  • 6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b

URL

  • https[:]//eleethub[.]com/

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.