Simple SSH Backdoor - SANS Internet Storm Center
Common Information
| Type | Value |
|---|---|
| UUID | 72855ec2-072c-4db6-96ca-e18a452f671e |
| Fingerprint | 96ac117fbda01ccf |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | July 5, 2025, midnight |
| Added to db | June 7, 2025, 3:30 a.m. |
| Last updated | July 11, 2025, 4:25 p.m. |
| Headline | Internet Storm Center |
| Title | Simple SSH Backdoor - SANS Internet Storm Center |
| Detected Hints/Tags/Attributes | 30/2/14 |
Archive Viewer
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://isc.sans.edu/diary/rss/32000 |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 169 | ✔ | SANS Internet Storm Center, InfoCON: green | https://isc.sans.edu/rssfeed_full.xml | 2025-06-06 22:06 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4 | hivepro.com |
|
| Details | Domain | 38 | lolbas-project.github.io |
|
| Details | File | 2274 | cmd.exe |
|
| Details | File | 5 | c:\windows\system32\openssh\ssh.exe |
|
| Details | File | 171 | dllhost.exe |
|
| Details | File | 37 | ssh.exe |
|
| Details | File | 3 | scp.exe |
|
| Details | sha256 | 2 | b701272e20db5e485fe8b4f480ed05bcdba88c386d44dc4a17fe9a7b6b9c026b |
|
| Details | IPv4 | 2 | 193.187.174.3 |
|
| Details | Mandiant Uncategorized Groups | 29 | UNC4034 |
|
| Details | Url | 1 | https://hivepro.com/threat-advisory/unc4034-slips-in-a-backdoor-with-trojanized-putty/ |
|
| Details | Url | 1 | https://lolbas-project.github.io/lolbas/Binaries/Ssh/ |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/b701272e20db5e485fe8b4f480ed05bcdba88c386d44dc4a17fe9a7b6b9c026b/details |
|
| Details | Url | 3 | https://www.sans.org/cyber-security-courses/reverse-engineering-malware-malware-analysis-tools-techniques/ |