Supershell Malware Being Distributed to Linux SSH Servers - ASEC
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Brute Force - T1110 |
Common Information
| Type | Value |
|---|---|
| UUID | 5ff1a1a6-6667-492b-a053-d695ca4285c7 |
| Fingerprint | 842a245bc1bf9c11 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 10, 2024, 3 p.m. |
| Added to db | Sept. 19, 2024, 2:30 a.m. |
| Last updated | Oct. 28, 2024, 4:09 a.m. |
| Headline | Supershell Malware Being Distributed to Linux SSH Servers |
| Title | Supershell Malware Being Distributed to Linux SSH Servers - ASEC |
| Detected Hints/Tags/Attributes | 31/2/17 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/83232/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 17 | ✔ | ASEC | https://asec.ahnlab.com/en/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | sensi.sh |
|
| Details | Domain | 2 | sensi2.sh |
|
| Details | Domain | 2 | sensi1.sh |
|
| Details | Domain | 3 | ssh1.sh |
|
| Details | Domain | 3 | download.c3pool.org |
|
| Details | File | 7 | x64.bin |
|
| Details | IPv4 | 3 | 209.141.60.249 |
|
| Details | IPv4 | 3 | 179.61.253.67 |
|
| Details | IPv4 | 3 | 107.189.8.15 |
|
| Details | IPv4 | 3 | 2.58.84.90 |
|
| Details | IPv4 | 3 | 45.15.143.197 |
|
| Details | Url | 3 | http://45.15.143.197/ssh1 |
|
| Details | Url | 3 | http://45.15.143.197/sensi.sh |
|
| Details | Url | 3 | http://45.15.143.197/x64.bin |
|
| Details | Url | 2 | http://45.15.143.197:44581/ssh1.sh |
|
| Details | Url | 2 | https://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh |
|
| Details | Url | 2 | http://45.15.143.197:10086/supershell/compile/download/ssh1 |