Unmasking Prometei: A Deep Dive Into MXDR Findings
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
This analysis examines the Prometei botnet's infiltration of a customer's system through a targeted brute force attack. Leveraging Trend Vision One, the investigation traced the botnet's detailed installation routine and stealthy tactics. Prometei, a modular malware family used for cryptocurrency mining and credential theft, spreads by exploiting vulnerabilities and using PowerShell scripts. The botnet downloads compressed archives containing various components to maintain control over infected devices. Key findings include the use of a domain generation algorithm for command and control, deployment of web shells, and connections to the Tor network. The threat actors behind Prometei are likely Russian-speaking individuals, as evidenced by language settings and targeting behaviors.
OPENCTI LABELS:
lateral movement, botnet, credential theft, tor, web shell, cryptocurrency mining, dga, prometei, cve-2021-27065, cve-2021-26858, cve-2019-0708