Shadowsocks流量解密重定向攻击研究
Tags
| attack-pattern: | Data Model Dns - T1071.004 Dns - T1590.002 Python - T1059.006 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 8012b05e-25db-433b-84d2-f1788b4e8e73 |
| Fingerprint | 3b4e87ce42a6c63f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 9, 2023, midnight |
| Added to db | Dec. 19, 2024, 12:45 p.m. |
| Last updated | Dec. 23, 2024, 9:06 p.m. |
| Headline | Shadowsocks流量解密重定向攻击研究 |
| Title | Shadowsocks流量解密重定向攻击研究 |
| Detected Hints/Tags/Attributes | 21/1/21 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.secrss.com/articles/51733 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4706 | github.com |
|
| Details | Domain | 26 | logging.info |
|
| Details | Domain | 6752 | 163.com |
|
| Details | File | 251 | flag.txt |
|
| Details | File | 1 | 首先是local.py |
|
| Details | File | 1 | 定位到eventloop.py |
|
| Details | File | 1 | 所以我们定位tcprelay.py |
|
| Details | File | 2 | server_socket.bin |
|
| Details | File | 2 | logging.log |
|
| Details | File | 26 | logging.inf |
|
| Details | File | 5 | encrypt.py |
|
| Details | File | 170 | config.json |
|
| Details | File | 1 | c:\\\\windows\\\\system32\\\\libcrypto.dll |
|
| Details | File | 1 | header_resultlogging.inf |
|
| Details | Github username | 3 | shadowsocks |
|
| Details | IPv4 | 1577 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 49.235.117.239 |
|
| Details | IPv4 | 676 | 0.0.0.0 |
|
| Details | Url | 1 | https://blog.soreatu.com/posts/analyasis-of-shadowsocks-and-related-attack/#redirect |
|
| Details | Url | 1 | https://github.com/shadowsocks/shadowsocks/tree/master |
|
| Details | Url | 1 | http://49.235.117.239:8000/flag.txt |