SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto – Sysdig
Common Information
Type Value
UUID ba0893f4-ede6-4d9c-ad5a-e970ad362fad
Fingerprint be8103990e87c709
Analysis status DONE
Considered CTI value 2
Text language
Published July 11, 2023, midnight
Added to db July 11, 2023, 12:58 p.m.
Last updated Oct. 28, 2024, 4:11 a.m.
Headline SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto
Title SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto – Sysdig
Detected Hints/Tags/Attributes 72/2/25
Source URLs
RSS Feed
Id Enabled Feed title Url Added to db
242 Sysdig https://sysdig.com/feed/ 2024-08-30 22:08
Attributes