Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks

AhnLab SEcurity intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022.

Up until now, all of the attack cases involved the installation of XMRig CoinMiner called Mimo Miner Bot in the final stage. However, there were other pertinent cases where the same threat actor installed Mimus ransomware, proxyware, and reverse shell …

actor ahnlab asec attack attacks called cases center coinminer coinminers exploitation exploiting found install installation intelligence log4shell log4shell vulnerability malware malware analysis march ransomware security security intelligence threat threat actor vulnerabilities vulnerability vulnerability exploitation