Malicious Shell Script Steals Cloud Credentials
Tags
attack-pattern: Data Model Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Serverless - T1583.007 Serverless - T1584.007 Ssh - T1021.004 Sudo - T1169
Show in Graph
Common Information
Type Value
UUID 0264b838-2ce0-4849-b001-391a47e3ea72
Fingerprint 944198109db58f8f
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 8, 2021, midnight
Added to db Oct. 15, 2024, 4:22 p.m.
Last updated Nov. 4, 2024, 8:13 a.m.
Headline Malicious Shell Script Steals Cloud Credentials
Title Malicious Shell Script Steals Cloud Credentials
Detected Hints/Tags/Attributes 50/1/8
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_nl/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_dk/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_se/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_id/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_no/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_gb/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_be/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_th/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_ie/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_hk/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_ph/research/21/a/malicious-shell-script-steals-cloud-credentials.html
Details Source https://www.trendmicro.com/en_fi/research/21/a/malicious-shell-script-steals-cloud-credentials.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 49 
trojan.sh
Details Domain 43 
setup.sh
Details Domain 11 
coinminer.sh
Details sha256 2 
4ad20bcd0f915acba7817e0639fcbf4f713beb8ac35112134808d4e5f753d519
Details sha256 2 
86800f9e3b563eaeba1d84d431b83405b2118300c0ad2deab39a093d4b9093c5
Details sha256 2 
96a64cccb55f7b42711015054ddd6ac45459643aa17c13248c6e344dc787cbfd
Details sha256 3 
aad97a08a139e8dff1f02f73479a5b00ecca5b512f627082f9c589fd63479c83
Details sha256 2 
b3daf217ca7339ad9e738f087135af8f63fd46f435711874ccb4bf8ab310f2e5