DERO cryptojacking adopts new techniques to evade detection

216.73.217.98

DERO cryptojacking adopts new techniques to evade detection

· Published 14/06/2024 10:11 · Modified 14/06/2024 10:35

Essential information

Published: 14/06/2024 10:11
Modified: 14/06/2024 10:35
Tags: 2024-06-14 cloud cryptojacking dero miner kubernetes
Related entities: 18 observables, 8 techniques (mitre), 1 malware

Description

This report examines the threat actors behind a 2023 cryptojacking campaign targeting misconfigured Kubernetes clusters, focusing on their evolving techniques to avoid detection. It analyzes the malicious Docker images they deployed, the hardcoded wallet and pool information in the DERO miner binary, and additional tools they likely used beyond Kubernetes exploitation. The report also provides defense recommendations and indicators of compromise.

External references

https://www.wiz.io/blog/dero-cryptojacking-campaign-adapts-to-evade-detection
https://otx.alienvault.com/pulse/666c175fe42e7c21fbdbfa27