Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT

In November 2022, researchers intercepted a threat that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool (Trojan.Linux.CHAOSRAT), which is based on an open source project.

REFERENCES: https://www.trendmicro.com/en_us/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/l/linux-cryptocurrency-mining-attacks-enhanced-via-chaos-rat-/iocs-linux-cryptocurrency-mining-attacks-enhanced-via-chaos-rat.txt

TAGS: chaos rat, linux, teamtnt, kinsing, cloud

MALWARE FAMILY: ChaosRAT

ATT&CK IDS: T1053 - Scheduled Task/Job, T1113 - Screen Capture, T1496 - Resource Hijacking, T1133 - External Remote Services, T1190 - Exploit Public-Facing Application, T1046 - Network Service Scanning, T1087 - Account Discovery, T1059 - Command and Scripting Interpreter, T1053 - Scheduled Task/Job, T1113 - Screen Capture, T1219 - Remote Access Software, T1065 - Uncommonly Used Port, T1437 - Standard Application Layer Protocol, T1041 - Exfiltration Over C2 Channel, T1496 - Resource Hijacking, T1529 - System Shutdown/Reboot, T1499 - Endpoint Denial of Service, T1565 - Data Manipulation

Read More:

https://otx.alienvault.com/pulse/6398503df8a11efccca411ba