ioc[.]one - OSINT Cyber Threat Intelligence Database

Gitlab RCE Stealth Shellbot

Tags

country:	Portugal
attack-pattern:	Malicious Image - T1204.003 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004

Show in Graph

Common Information

Type	Value
UUID	87a7dfd3-142b-4e3e-af37-fa4b323346f0
Fingerprint	b1324f09eddf86c2
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 13, 2022, midnight
Added to db	Aug. 31, 2024, 11:24 a.m.
Last updated	Nov. 11, 2024, 2:18 p.m.
Headline	Gitlab RCE Stealth Shellbot
Title	Gitlab RCE Stealth Shellbot
Detected Hints/Tags/Attributes	36/2/15

Source URLs

	Redirection	Url
Details	Source	https://brianstadnicki.github.io/posts/malware-gitlab-perlbot/

URL Provider

Details	Provider	Source level domain
Details	github.io	brianstadnicki.github.io

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	491	✔	Brian Stadnicki	https://brianstadnicki.github.io/index.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	43		cve-2021-22205
Details	CVE	9		cve-2021-22204
Details	Domain	1		ba.sh
Details	Domain	3		cf.sh
Details	Domain	1		load.sh
Details	Domain	30		init.sh
Details	Domain	10		solr.sh
Details	Domain	12		ldr.sh
Details	File	4		scan.log
Details	sha256	1		0d00200acb2caf4e2bc52285795bb13cb916fc051550c8e9dd3a19897068a494
Details	sha256	1		9e52e0b8a9d3a3de2159c03974f0b778fe4c910fa09e7084435031f34cc0ff0e
Details	sha256	1		7b4ef0d14bec12844653b4dbaed7db96bcdd04bbc755d4b42970a065a9a3886d
Details	IPv4	1		82.165.155.100
Details	Url	1		http://82.165.155.100/san
Details	Url	1		http://82.165.155.100/ba.sh