Threat Landscape for Industrial Automation Systems in H1 2017
Common Information
| Type | Value |
|---|---|
| UUID | 28f35d49-1b63-414a-8079-9a01b1dabfe8 |
| Fingerprint | 0839195df3417e3010492ddfa8560da1e43b74be078a06ee45a8c6ffb21efc2a |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 20, 2018, 12:51 p.m. |
| Added to db | March 10, 2024, 1:32 a.m. |
| Last updated | Aug. 31, 2024, 3:14 a.m. |
| Headline | Threat Landscape for Industrial Automation Systems in H1 2017 |
| Title | Threat Landscape for Industrial Automation Systems in H1 2017 |
| Detected Hints/Tags/Attributes | 105/3/48 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://ics-cert.kaspersky.com/media/EB_public_FINAL_EN_20042018.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | kashey.ru |
|
| Details | Domain | 2 | www.esodedi.ru |
|
| Details | Domain | 2 | www.i-stroy.ru |
|
| Details | Domain | 2 | www.saledoor.ru |
|
| Details | Domain | 2 | ftpchecker.py |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 338 | kaspersky.com |
|
| Details | 68 | ics-cert@kaspersky.com |
||
| Details | File | 4 | filename.png |
|
| Details | File | 2 | ftpchecker.py |
|
| Details | File | 4 | ini.php |
|
| Details | File | 5 | mysql.php |
|
| Details | File | 2 | opts.php |
|
| Details | File | 2 | error_log.php |
|
| Details | File | 2 | code29.php |
|
| Details | File | 2 | proxy87.php |
|
| Details | File | 7 | theme.php |
|
| Details | File | 2 | sma.php |
|
| Details | File | 3 | media.php |
|
| Details | File | 2 | db-config.php |
|
| Details | File | 2 | find-smbtrap.txt |
|
| Details | File | 2 | find-dirsearch.txt |
|
| Details | File | 2 | find-nmap.txt |
|
| Details | File | 2 | find-wpscan.txt |
|
| Details | File | 2 | find-sublist3r.txt |
|
| Details | File | 2 | dpkg-grep.txt |
|
| Details | File | 2 | openssh-server.md5 |
|
| Details | File | 2 | sshd.md5 |
|
| Details | File | 2 | rpm-grep.txt |
|
| Details | File | 2 | rpm-qa-dump.txt |
|
| Details | Github username | 1 | wso-shell |
|
| Details | Github username | 2 | bediger4000 |
|
| Details | Github username | 4 | jivoi |
|
| Details | Github username | 14 | sqlmapproject |
|
| Details | md5 | 2 | f3e3e25a822012023c6e81b206711865 |
|
| Details | md5 | 2 | c76470e85b7f3da46539b40e5c552712 |
|
| Details | md5 | 2 | 155385cc19e3092765bcfed034b82ccb |
|
| Details | md5 | 2 | 1644af9b6424e8f58f39c7fa5e76de51 |
|
| Details | md5 | 2 | 2292f5db385068e161ae277531b2e114 |
|
| Details | md5 | 2 | 7ec514bbdc6dd8f606f803d39af8883f |
|
| Details | md5 | 2 | 78c31eff38fdb72ea3b1800ea917940f |
|
| Details | md5 | 2 | 428c5fcf495396df04a459e317b70ca2 |
|
| Details | Url | 2 | file://ip/filename.png |
|
| Details | Url | 1 | https://github.com/wso-shell/wso |
|
| Details | Url | 2 | https://github.com/bediger4000/php-malware-analysis/tree/master/db-config.php |
|
| Details | Url | 2 | https://github.com/jivoi/openssh-backdoor-kit |
|
| Details | Url | 7 | https://github.com/sqlmapproject/sqlmap.git |
|
| Details | Yara rule | 2 | rule Backdoored_ssh {
strings:
$a1 = "OpenSSH"
$a2 = "usage: ssh"
$a3 = "HISTFILE"
condition:
uint32(0) == 0x464c457f and filesize < 1000000 and all of ($a*)
} |