James Condon (@jameswcondon)'s Twitter Profile

James Condon
@jameswcondon

Aspiring for a future where cloud security is simple and easy. @laceworklabs

ID: 156148411
Website: https://www.lacework.com/labs/
Joined: 16-06-2010 04:12:24

502 Tweets
509 Followers
308 Following

Lacework Labs (@laceworklabs):

TeamTNT Leveraging Diamorphine to Hide XMRig:

💥 oracle.zzhreceive[.]top
💥 45.9.148.85
💥 45.9.148.35
💥 199.19.226.117

(Diamorphine is an LKM #rootkit for #Linux Kernels 2.6.x/3.x/4.x/5.x and ARM64)

Lacework Labs (@laceworklabs):

Codecov Bash Uploader hack - attackers stole credentials, tokens and keys from victims.

💥 104.248.94[.]23
💥 6e63a4a1946e81fb07c08e62fd36e1d2

H/T Florian Roth ⚡️ bleepingcomputer.com/news/security/…

Lacework Labs (@laceworklabs):

🆕 [analysis] Sysrv #Botnet Expands Infrastructure for Cryptojacking by Jared

💥 Multiple CVEs for Initial Access
💥 #Linux and #Windows Targeting
💥 Lateral Movement via SSH

👾 Full Report: lacework.com/sysrv-hello-ex…
👾 IOCs: github.com/lacework/lacew…

#ThreatIntel #Malware

Lacework Labs (@laceworklabs):

📢 [New TTP] Sysrv evolves and adds persistence to its #PowerShell dropper.

💥 Run location: $env:AppData\sysrv013.exe
💥 Scheduled Task (T1053.005) - "Browser Update"
💥 Run Key (T1547.001) to trigger sysrv013 on boot

#malware #botnet #threatintel

Lacework Labs (@laceworklabs):

📽️[tutorial] See how attackers hide processes from common #Linux monitoring tools by using LD_PRELOAD with Shared Objects to overwrite common functions. 📢 This technique is used frequently by #malware authors targeting #cloud workloads. youtu.be/kLEiUMffriA

Lacework Labs (@laceworklabs):

🆕 [analysis] Cpuminer & Friends

💥 #Jupyter command execution (T1059)
💥 #WordPress exploitation (T1584)
➕ Tutorial on obfuscated PHP analysis

👾 IOCs: github.com/lacework/lacew…
👾 Full Report: lacework.com/cpuminer-frien…

#Malware #webshell #MayThe4thBeWithYou

Lacework Labs (@laceworklabs):

🆕 [analysis] Canary Tokens & #Ransomware Operations

📨 #Malware abusing canary tokens as notification service
💥 T1567 Exfiltration of keys via #canarytokens

lacework.com/canarytokensan…

Lacework Labs (@laceworklabs):

🌶️ New Analysis | 8220 Gang's Recent Use of Custom Miner and Botnet

💥 PwnRig, a custom XMRig-based miner variant
💥 Tsunami-based #Botnet
💥 Attribution | Victim | Targeting Details

👾 Full Report: lacework.com/8220-gangs-rec…
👾 IOCs: github.com/lacework/lacew…

#ThreatIntel

Lacework Labs (@laceworklabs):

📕 New blog post - Taking TeamTNT's #Docker Images Offline

💥 T1610 - Deploy Container
💥 T1204.003 - Malicious Image
💥 T1552.001 - Unsecured Credentials: Credentials In Files

lacework.com/taking-teamtnt…

#Malware #ThreatIntel #Linux

Pawel Rzepa (@rzepsky):

🔥New blog post🔥 "How to defend against DNS exfiltration in #AWS?" This time I'll try to answer when and how Route 53 Resolver DNS Firewall and GuardDuty services can help you block and detect suspicious traffic. rzepsky.medium.com/how-to-defend-…

Lacework Labs (@laceworklabs):

New blog post! 📕 Hidden Bugs in The Mine: Examining Vulnerabilities in Cryptominers ⛏️

Recently discovered vulnerabilities in #XMRigCC:
💥 Persistent #XSS
💣 Remote #DoS
🥷 Default configuration overwriting

lacework.com/blog/hidden-bu… #linux #vulnerabilities

Lacework Labs (@laceworklabs):

📣 On July 20th Greg Foss will be discussing how crimeware operations have evolved into cloud verticals w/ a focus on how organizations can avoid falling victim by understanding adversarial tradecraft. CSA Colorado meetup @ 6:00pm MDT. See ya there! meetup.com/Denver-Cloud-S…

Lacework Labs (@laceworklabs):

📢 [New TTP] Mespinoza Ransomware Gang

💥 adds Linux support
💥 leverages AWS for C2 infra

190e0ce36c1a63ec976f7e80618c620f75f853a370ea3e602253a98781f4e5c6

#ransomware #threatintel

Mark Nunnikhoven (@marknca):

The team at Lacework Labs just released their latest cloud threat report. Full report at bit.ly/lw-ctr-vol2. Highlights 👇 ☁️ #cloud #devops #cybersecurity

Lacework Labs (@laceworklabs):

🚨 Muhstik actively exploiting CVE-2021-26084 💥 see Lacework Labs' latest blog for details lacework.com/blog/muhstik-t… #linux #malware

Lacework Labs (@laceworklabs):

New Analysis | HCRootkit Sutersu Linux Rootkit

💥 New samples and infrastructure
💥 Custom protobuf based C2
💥 #Ghidra scripts / #Yara / IOCs Included

lacework.com/blog/hcrootkit… #malware #threatintel #infosec #Linux

Lacework Labs (@laceworklabs):

🚨 New Necro variants exploiting Confluence CVE-2021-26084 ITW 👇

55138a70d2c17eb9cbe9d4df19d6cb96
bdc31c3e10f59fc9f507dc9d2ea151ae
a63f51075e9c3e02f0beb1ffbbf0bf84

#malware #python

Lacework Labs (@laceworklabs):

📢 New Blog - “Spytech Necro” – Keksec’s Latest Python Malware

💥 new C2 protocol + exploits (CVE-2021-26084)
💥 tools & IOCs

#python #malware #cloud lacework.com/blog/spytech-n…

CloudSecurityPodcast (@cloudsecpodcast):

Episode 69 "Cloud Threats and How to Observe Them" of Cloud Security Podcast, where hosts Dr. Anton Chuvakin (@anton_chuvakin) and Timothy Peacock (@_TimPeacock) interview James Condon (@jameswcondon) of Lacework (@Lacework) about cloud threats: cloud.withgoogle.com/cloudsecurity/…

Lacework (@lacework):

Don't get stuck playing whack-a-mole with your vulnerabilities. ❌ Lacework Labs research shows how #cybercriminals are getting craftier in their attacks—and how to stay steps ahead of them. More from our own James Condon in TechBeacon: laceworkinc.net/3ih4Wmh