Updated July 18, 2019
NANS0U aims to infect 50,000 Windows MS-SQL and PHPMyAdmin servers on behalf of the cryptocurrency malware campaign.
Garca researchers found a campaign that ran from April 26 to 11 this year in a May 29 blog post.
And this is often mentioned
Common cryptocurrency attacks due to the use of public fraud certificates and privileges.
When attacks are detected, all three sources have IP addresses
Originally from South Africa and hosted by Halim Drive ISP. other than
The incident shared the same attack and focus
Use the same procedures and procedures for violations and post-action procedures
Investigators identified 20 vehicles and said they were new
The service costs at least once a week and uses it correctly
Attack companies that spend their free time
Health, telecommunications, media and IT companies.
If a new computer is on the computer, the virus can be infected
The charger is charged and installed
High-rise woodworkers protect them from infection
Attack file that serves HHFS file servers [HTTP
They are all different
Everything in the links has been successful.
The port network has many attacks on MS-SQL, including MS-SQL
Remote control and digital remote control.
Threats hold many uses rights
Costs include cables and cables and turbine engines
Any link indicates that he cannot be wise in this country
Use advanced tools.
This ad is clearly visible during the IP approval phase
If the victim’s vehicle is not damaged or part of the encryption is removed.
In the researcher’s statement. But this applies to all types and errors
It is not a complete test system.
One of the undetectable errors is found in two versions of lcn.exe
The load is the same as mine, but with a change
The command line argument. This means that it was first proposed
Researchers found that the wallet address was incorrect.
Fortunately, the researchers contacted the provider.
Attack the rootkit server and distributor
Consequences of deleting suspicious servers and issuing certificates