Execute Operator’s "Is my host protected against XMRig crypto miner?" TTP on each host in your environment to test if you are vulnerable.
This chain is configured to stage the XMRig miner on the host and execute it. If the process is allowed to run on the host, the XMRig miner will execute for 15 seconds and attempt to connect to a cryptocurrency mining pool. If the host is protected, the XMRig miner process should be blocked or killed.
To protect yourself from cryptocurrency mining, you should monitor for crypto miner processes on your hosts, block and kill any crypto miner processes, and monitor for outbound connections to cryptocurrency mining pools.
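One way to implement the process and connection monitoring described above, as an added example that is not Prelude's code: it flags process-start events that look like XMRig and records whether the same process then made an outbound connection. The event field names and the sample telemetry are constructed assumptions; `-o`/`--url`, `--donate-level` and the `stratum+tcp://` scheme are XMRig's own command-line conventions.

```python
import re

# Command-line traits of XMRig: the stratum URL scheme and its own option names.
CMD_PATTERNS = [
    re.compile(r"stratum\+(tcp|ssl)://", re.I),
    re.compile(r"--donate-level\b", re.I),
    re.compile(r"(?:^|\s)(?:-o|--url)[=\s]+\S+:\d+", re.I),
]
NAME_PATTERN = re.compile(r"xmrig", re.I)

# Constructed sample telemetry (hypothetical schema): process starts and outbound connections.
EVENTS = [
    {"type": "proc", "host": "ws01", "pid": 4120, "image": r"C:\Users\a\AppData\Local\Temp\xmrig.exe",
     "cmdline": "xmrig.exe -o pool.example.invalid:3333 -u WALLET --donate-level 1"},
    {"type": "proc", "host": "ws01", "pid": 4300, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"type": "proc", "host": "ws02", "pid": 911, "image": "/tmp/updater",  # renamed binary
     "cmdline": "/tmp/updater --url=stratum+tcp://pool.example.invalid:4444"},
    {"type": "net", "host": "ws01", "pid": 4120, "dst": "203.0.113.10", "dport": 3333},
    {"type": "net", "host": "ws01", "pid": 4300, "dst": "198.51.100.7", "dport": 443},
]

def process_reasons(event):
    """Return the reasons a process-start event looks like XMRig (empty list if none)."""
    reasons = []
    if NAME_PATTERN.search(event["image"]):
        reasons.append("image name contains 'xmrig'")
    reasons += [f"cmdline matches {p.pattern}" for p in CMD_PATTERNS if p.search(event["cmdline"])]
    return reasons

def detect(events):
    """Flag miner-like processes, then attach outbound connections made by the same host/pid."""
    alerts = {}
    for e in events:
        key = (e["host"], e["pid"])
        if e["type"] == "proc":
            reasons = process_reasons(e)
            if reasons:
                alerts[key] = {"image": e["image"], "reasons": reasons, "connections": []}
        elif e["type"] == "net" and key in alerts:
            alerts[key]["connections"].append((e["dst"], e["dport"]))
    return alerts

if __name__ == "__main__":
    for (host, pid), a in detect(EVENTS).items():
        state = "connected out" if a["connections"] else "no connection seen"
        print(host, pid, a["image"], state, a["reasons"])
```

A miner that is renamed and reads its pool settings from a config file shows neither trait, so pair this with the outbound-connection monitoring the paragraph above calls for.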
Check out the TTP "Is my host protected against XMRig crypto miner?" on the Prelude chains website.