Personally, I would start with the Appendix, to which Ben already alluded.

Appendix 1: Initial Access

CVE-2023-33246 is a vulnerability found in RocketMQ, which is a software that manages messages. This vulnerability allows unauthorized execution of commands on systems where RocketMQ is installed. This applies to versions 5.1.0 and below. The current version is 5.3.1.

For more details: https://nvd.nist.gov/vuln/detail/CVE-2023-33246

Regards,
- Robert

On Sat, Oct 5, 2024 at 5:18 PM Courtney Rosenthal <[email protected]> wrote:
> Unfortunately, not easy.
>
> See the "Detection" section of this page:
>
> https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
>
> I looked for traces on the filesystems of my exposed hosts and didn't
> see any, so I'm going to declare them "clean".
>
> On 10/5/24 15:30, American Citizen wrote:
> > I have read through the replies, but this question has not been answered
> > yet. Anyone?
> >
> > On 10/4/24 18:30, Russell Senior wrote:
> >> Is there any easy way to detect this malware?
>
> --
> Courtney Rosenthal (she/her) / [email protected] / www.crosenthal.com
>
