
Laskowski-Tech


Category: cryptomining

Everything and the Kitchen Sink

Posted on January 30, 2019 (updated February 18, 2019) by admin

So earlier this past month I was looking over my web attack dashboard and normally I see standard recon scanning for phpMyAdmin and known WordPress shells, but on the 17th, something stood out to me. An attack that looked to be targeting


Posted in analysis, cryptomining, dfir, malware, soc

Converge Detroit Talk- Crypto-currency the internet wide bug bounty program

Posted on May 15, 2018 (updated May 30, 2018) by admin

So if you have perused here much, you know that I investigate many cases of malicious crypto mining on servers. Well, after speaking at a local meetup I was invited to give the talk at the conference Converge in Detroit. It was


Posted in analysis, cryptomining, malware, web server

Drupalgeddon Crypto-jacking campaign

Posted on May 8, 2018 by admin

So late last week Troy Mursch (@bad_packets) revealed a crypto-jacking campaign targeting out of date Drupal sites. He quite helpfully laid out the extent of the campaign and created a Google doc with around 350 (now looks close to 400) sites confirmed to


Posted in analysis, cryptomining, malware, web server

Minerchk version 1.4 release

Posted on May 7, 2018 by admin

Hello there, interwebs. If you don’t know, or perhaps if you do, I’ve been working on a project to assist Incident Responders and Systems Administrators detect and remediate malicious cryptomining. Development has come quite a way since the first beta release. So since


Posted in cryptomining, monitoring, web server

Crypto-jacking targeting vBulletin 4.2.X forums

Posted on April 8, 2018 by admin

So last week I was involved in working on a site with reports of users having their AV flag for malware. The site was a forum site and the reports were of possible crypto mining occurring. Well, more or less one of


Posted in analysis, cryptomining

Player 2 Enters, Sumokoin

Posted on February 16, 2018 by admin

So I have done a few write-ups on the prevalence of malicious crypto-mining on servers. These previous write-ups have mostly focused on Monero (XMR) as this has been the currency of choice due to the ease of mining due to


Posted in analysis, cryptomining, malware

Snort rule generator and updated Monero Miner Rules

Posted on February 5, 2018 by admin

So this morning I was wanting to update the original Snort crypto miner rules to my minerchk tools. I thought it would be nice to create detection based on all of the domain and IP addresses that I’ve uncovered using the infection


Posted in cryptomining, logging, pfsense

File-less Crypto-mining? kind of…

Posted on January 22, 2018 (updated February 4, 2018) by admin

So, not to over hype, but everyone these days is excited about the idea of file-less malware to bypass traditional anti-malware techniques. I ran into a case last week in which I saw some techniques that evaded my traditional methods for locating


Posted in analysis, cryptomining, malware

Minerchk Beta Announcement!

Posted on January 8, 2018 (updated January 9, 2018) by admin

So if you haven’t been here before, I’ve been looking into instances of malware using crypto-mining as a means of monetizing hacked servers on the network I work on. In that research, we found that compromised servers had been mining over


Posted in analysis, cryptomining, monitoring, web server

Holiday post, New Year’s crypto-miner write up Part 2

Posted on December 31, 2017 (updated January 9, 2018) by admin

Here’s Part 2 of the Holiday minerware write-ups; you can check out Part 1 here. So let’s dig into Case 2. Alert method: Load on the server. This case was first reported as a load investigation on a web


Posted in analysis, cryptomining, malware, web server

Holidays post! Unwrapping miner malware! \(^o^)/ pt. 1

Posted on December 25, 2017 (updated January 9, 2018) by admin

Hello, and happy holidays! I have a few binaries to unwrap for you today. These are 2 separate incidents from the prior week of some more miners in the wild. First up we have Case 1. Alert method: Hacked site and


Posted in analysis, cryptomining, malware, web server

Crypto-miners on Webservers Part 2

Posted on December 15, 2017 (updated January 9, 2018) by admin

So this post is a follow-up to the first in this series. In the first post I went over the data on attacks in the wild focusing on prevalence and motivations; this post is more of a focus on technical indicators


Posted in analysis, cryptomining, malware

Crypto-miners on Webservers Part 1

Posted on December 12, 2017 (updated January 9, 2018) by admin

So in my day-to-day work I come across many servers that have been compromised. Far and away the majority of these compromises use either phishing or spam as their monetization method. In the past year or two crypto ransomware has


Posted in analysis, cryptomining, malware

All rights reserved © Laskowski-Tech Powered by WordPress Theme by Mina Themes