Threat Actors Exploit Misconfigured Apache Hadoop YARN

Trend Micro -

SHA-256

Trend Micro Pattern Detection

Read More: https://www.trendmicro.com/en_us/research/21/g/threat-actors-exploit-misconfigured-apache-hadoop-yarn.html