New threat actor leverages a varied tool kit & multiple payloads to distribute cryptomining malware

In April, Cisco Talos observed a new threat actor named Rocke using Western and Chinese Git repositories to deliver cryptomining malware to honeypots affected by an Apache Struts vulnerability. Researchers detected Rocke conducting a similar campaign in July. In that operation, the threat actor communicated with an HTTP File Server (HFS) hosting 11 …