DreamBus Unleashes Metabase Mayhem With New Exploit Module [Friday, January 12, 2024]

Report


Description :
Zscaler’s ThreatLabz research team has been tracking the Linux-based malware family known as DreamBus. Not much has changed in the last few years other than minor bug fixes and slight modifications to evade detection by security software. However, in the last 6 months, the threat actor operating DreamBus has introduced two new modules to target vulnerabilities in Metabase and Apache RocketMQ. This is likely in response to a decrease in new infections stemming from the exploits DreamBus relies on, many of which are dated and have been in use for several years. DreamBus also continues to use techniques that exploit implicit trust and weak passwords, targeting Secure Shell (SSH), IT administration tools, cloud-based applications, and databases. The primary monetization vector for DreamBus infections is still mining Monero cryptocurrency.

Published : 2024-01-12 11:10:47
Created : 2024-01-12 11:10:47
Modified : 2024-01-12 11:24:14

Tags

Indicators

IPv4s :
  • 139.59.150.7
  • 92.204.243.155
Domains :
  • p2pool.it
  • ru6r4inkaf4thlgflg4iqs5mhqwqubols5qagspvya4whp3dgbvmyhad.onion
Malwares :
  • DreamBus
Hashes :
MITRE ATT&CK Techniques :

External References


About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
