The Internet is plagued by automated systems that search for servers with weak credentials to infect with their malware. In this blog post, we will analyze a well-known malware that has been active for years: Dota.
At CounterCraft, we talk a lot about the TTPs our platform can detect and classify, and about how we are pioneering the integration of the MITRE ATT&CK TTP classification framework.
The Atlassian Confluence exploit has been in the wild for a while now. Although the response and patching were quite rapid, there are still servers that remain unpatched and are being exploited.
You may have seen our recent posts about how TeamTNT is abusing Docker daemons to mine Monero. In this blog post, we describe another method we have observed, which involves the use of malicious Docker images available on Docker Hub.
Last week, we published a blog post describing how TeamTNT created a Docker worm that was replicating itself in open Docker daemons. In the case of that example, everything took place inside a Docker container.