As originally reported by ZDNet, Sophos recently published a report identifying the threat group behind the MrbMiner cryptomining botnet. After mapping the underlying infrastructure that makes up MrbMiner, Sophos named an Iranian software development firm as the culprit. Sophos found that several MrbMiner domains were hosted on the same server used to host vihansoft[.]ir, the website of the accused Iran-based software firm. Additionally, that domain was reused by the Command and Control (C2) server for the MrbMiner operation.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is