Dreambus campaign (2021)

Type

Campaign

Actors

🚌Dreambus operator

Pub. date

January 22, 2021

Initial access

1-day vulnerabilitySoftware misconfig

Impact

Resource hijacking

Observed techniques

SSH propagationMisconfigured Redis abuseMisconfigured PostgreSQL abuseMisconfigured Apache Hadoop abuseMisconfigured Consul abuse

Observed tools

XMRig

Targeted technologies

PostgreSQLApache HadoopApache SparkHashicorp ConsulRedisSaltStack

References

https://www.zscaler.com/blogs/security-research/dreambus-botnet-technical-analysis

Status

Finalized

Last edited

Jun 5, 2024 9:52 AM

See 🚌Dreambus operator for more information.