The injected coinhive iframe - a quick look - 2018-01-15 19:55:50

Hi everyone, this is my first blog post so I thought I’d introduce myself: My name’s Brett, I’m currently a security engineer for a MSP where a portion of my job (as well as being a member of the SOC) is to look after and make sure the abuse queue is dealt with and ensure that the abuse of our services are kept to a minimum. I’m writing this blog post up because I do see this type of compromise a lot and I thought I would share my experiences in how I’ve seen it occuring in the wild in the hope that it will help Threat hunters and other similar roles in discovering and dealing with such compromises and the kind of simple IOCs and data points to look for!