Supershell Backdoor IOCs - SEC-1275-1
Tags
| attack-pattern: | Ssh - T1021.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 5bdb4688-18a7-4d55-bae1-e798aa8d619b |
| Fingerprint | 680b44eb0ba69c6d |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 23, 2024, midnight |
| Added to db | Sept. 23, 2024, 10:39 a.m. |
| Last updated | Oct. 28, 2024, 4:09 a.m. |
| Headline | Supershell Backdoor IOCs |
| Title | Supershell Backdoor IOCs - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 10/1/15 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/3999/supershell-backdoor-iocs/?mtm_campaign=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | sensi.sh |
|
| Details | File | 7 | x64.bin |
|
| Details | md5 | 1 | 4ee4f1e7456bb2b3d13e93797b9efbd3 |
|
| Details | md5 | 1 | 5ab6e938028e6e9766aa7574928eb062 |
|
| Details | md5 | 1 | e06a1ba2f45ba46b892bef017113af09 |
|
| Details | IPv4 | 3 | 107.189.8.15 |
|
| Details | IPv4 | 3 | 179.61.253.67 |
|
| Details | IPv4 | 3 | 2.58.84.90 |
|
| Details | IPv4 | 3 | 209.141.60.249 |
|
| Details | IPv4 | 3 | 45.15.143.197 |
|
| Details | Url | 3 | http://45.15.143.197/sensi.sh |
|
| Details | Url | 3 | http://45.15.143.197/ssh1 |
|
| Details | Url | 3 | http://45.15.143.197/x64.bin |
|
| Details | Url | 1 | http://45.15.143.197:10086/supershell/compile/download/ssh |
|
| Details | Url | 1 | http://45.15.143.197:44581/ssh1 |