More SSH Fun! - SANS Internet Storm Center
Common Information
Type Value
UUID 23a41415-f4c3-45ba-bf14-50f712ca66f4
Fingerprint 76a80d71b221cfe3
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 24, 2024, midnight
Added to db Dec. 24, 2024, 8:49 a.m.
Last updated Dec. 25, 2024, 11:25 a.m.
Headline Internet Storm Center
Title More SSH Fun! - SANS Internet Storm Center
Detected Hints/Tags/Attributes 25/1/18
Source URLs
RSS Feed
Id   Enabled  Feed title                                  Url                                    Added to db
142           SANS Internet Storm Center, InfoCON: green  https://isc.sans.edu/rssfeed_full.xml  2024-08-30 22:08
Attributes