ninfo malware

NasaPaul Botnet: A Need for Speed

Updated: 2021-02-28 - Update detection section to explain why v.py might not be flagged by AV. Updated: 2021-03-03 - Divide article by LM Kill Chain phases instead of MITRE ATT&CK framework. Case Summary I collect live malware samples from honeypots running on public cloud servers. This case examines a repeated security event following a successful bruteforce attack against SSH where malware payloads ninfo and v.py are dropped from nasapaul[.]com. The samples examined in this post were captured on February 23rd, 2021....

February 27, 2021 · 16 min
HoneyTrap Logs

HoneyTraps in the Cloud 101

Updated 2021-03-01: Give the reader a heads up that restarting SSH will kick them from their current session. Overview Honeypots are useful tools for collecting unauthorized interactions as logs. These logs can be digested to identify new attacking techniques or observe active username/password patterns. In the context of a security team, it could provide actionable information to pre-emptively secure the studied environment. This tutorial will discuss general SSH honeypot pre-configuration, HoneyTrap installation, logging, and analysis....

January 25, 2021 · 5 min