Mining Trojan Emergency Response Guide

Language 2023-05-05 00:23:23 views: null

Mining Trojan Emergency Response Guide

1. Preliminary prediction
2. Quarantine the infected server/host
3. Confirm the mining process
4. Mining Trojan removal

1. Preliminary prediction

Judging whether a mining Trojan has actually been encountered

Computers implanted with mining Trojan horses will experience soaring CPU usage, system freezes, and some services cannot operate normally.
Check the traffic analysis of Tianyan, whether to download things from other dangerous websites, and then execute some mining commands locally
The mining trojan will establish a connection with the address of the mining pool to see if there is an external connection, and request to the remote ip netstart -anoto view all ports

Mining Trojan horse information mining

Check the creation time of the mining Trojan file, check the creation time of the task plan, check the address of the mining pool, and check the time of the first connection to the address of the mining pool through a security monitoring device

Judging the spread range of mining Trojans

You can use security monitoring equipment to check the mining range

Understand the network deployment environment

Network architecture, host data, system type, related security equipment (such as traffic equipment, log monitoring), etc.

2. Quarantine the infected server/host

After discovering the mining phenomenon, the current server/host should be isolated in time without affecting the business, such as disabling non-business-use ports and services, and configuring ACL whitelists. It is recommended that non-important business systems be offline and isolated before investigation

3. Confirm the mining process

Guess you like

Origin blog.csdn.net/Gherbirthday0916/article/details/130264754

Mining Trojan Emergency Response Guide

Security Emergency Response Guide

Ransomware Emergency Response Guide

Operation and Maintenance Bible: Webshell Emergency Response Guide

Operation and Maintenance Bible: Ransomware Emergency Response Guide

The server was hijacked by a mining Trojan

Mining Trojan removal

Emergency response / safety traceability

linux security emergency response

Windows Security Emergency Response (a)

Linux emergency response notes

Emergency response learning

Emergency response methods and capabilities

Emergency response process

Organize the emergency response process

Linux Emergency Response Troubleshooting

Windows Emergency Response Troubleshooting

The whole process of emergency response

Safety emergency response case

windows emergency response

Miner mining Trojan activity analysis

Operation and Maintenance Bible: A Guide to Emergency Response to Mining Trojans

Operation and Maintenance Bible: A Guide to Emergency Response to Mining Trojans

Operation and Maintenance Bible: A Guide to Emergency Response to Mining Trojans

Windows common emergency response command

linux common commands emergency response

Emergency Response -PDCERF model (rpm)

[Reserved] emergency response and investigation traceability

To be or not? Read a text mining strategy and tactics Trojan

Remember once linux mining Trojans Emergency

Recommended

TIOBE May list: Fortran “resurrected” into Top 10

GCC 14.1 released

Ranking

B. Little Girl and Game【1300 / 回文字符串博弈论】

CIKERS Shane 20190613

"Javascript advanced programming" study notes - the constructor and prototype

beeline hiveserver2 start

springboot - Automatically backup mysql data every day

Data Storage Full Solution--Detailed Persistence Technology

Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original

TCP / IP protocol layers structure and function

Command type literal pos: unknown； Fallback type literal pos: unknown] with root cause

Design of multifunctional curtain controller with indoor anti-theft alarm

Daily

More

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)