리눅스 SSH 서버를 대상으로 유포 중인 SuperShell 악성코드 - ASEC
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Ssh - T1021.004 |
Common Information
| Type | Value |
|---|---|
| UUID | ca02fddd-130e-46d8-bdc4-e6a5bb6ebce1 |
| Fingerprint | 70080cc855351cb1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 11, 2024, 1:11 a.m. |
| Added to db | Sept. 11, 2024, 5:34 a.m. |
| Last updated | Oct. 28, 2024, 4:09 a.m. |
| Headline | 리눅스 SSH 서버를 대상으로 유포 중인 SuperShell 악성코드 |
| Title | 리눅스 SSH 서버를 대상으로 유포 중인 SuperShell 악성코드 - ASEC |
| Detected Hints/Tags/Attributes | 13/2/17 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/83121/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | sensi.sh |
|
| Details | Domain | 2 | sensi2.sh |
|
| Details | Domain | 2 | sensi1.sh |
|
| Details | Domain | 3 | ssh1.sh |
|
| Details | Domain | 3 | download.c3pool.org |
|
| Details | File | 7 | x64.bin |
|
| Details | IPv4 | 3 | 209.141.60.249 |
|
| Details | IPv4 | 3 | 179.61.253.67 |
|
| Details | IPv4 | 3 | 107.189.8.15 |
|
| Details | IPv4 | 3 | 2.58.84.90 |
|
| Details | IPv4 | 3 | 45.15.143.197 |
|
| Details | Url | 3 | http://45.15.143.197/ssh1 |
|
| Details | Url | 3 | http://45.15.143.197/sensi.sh |
|
| Details | Url | 3 | http://45.15.143.197/x64.bin |
|
| Details | Url | 2 | http://45.15.143.197:44581/ssh1.sh |
|
| Details | Url | 2 | https://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh |
|
| Details | Url | 2 | http://45.15.143.197:10086/supershell/compile/download/ssh1 |