리눅스 SSH 서버를 대상으로 유포 중인 ChinaZ DDoS Bot 악성코드 - ASEC BLOG
Tags
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Remote Desktop Protocol - T1021.001 Ssh - T1021.004 Remote Desktop Protocol - T1076 |
Common Information
| Type | Value |
|---|---|
| UUID | e36a0b6e-aa43-4b8e-954d-4022aca77a44 |
| Fingerprint | 45136e365a1c3865 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 20, 2023, 4:57 p.m. |
| Added to db | March 20, 2023, 10:26 a.m. |
| Last updated | Sept. 4, 2024, 10:55 p.m. |
| Headline | 리눅스 SSH 서버를 대상으로 유포 중인 ChinaZ DDoS Bot 악성코드 |
| Title | 리눅스 SSH 서버를 대상으로 유포 중인 ChinaZ DDoS Bot 악성코드 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 24/1/9 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/49845/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | www.911ddos.com |
|
| Details | File | 2 | declient.exe |
|
| Details | md5 | 3 | c69f5eb555cc10f050375353c205d5fa |
|
| Details | md5 | 3 | c9eb0815129c135db5bbb8ac79686b9a |
|
| Details | md5 | 3 | 2ec7348e6b6b32d50a01c3ffe480ef70 |
|
| Details | IPv4 | 3 | 45.113.163.219 |
|
| Details | Url | 3 | http://45.113.163.219/linux64 |
|
| Details | Url | 3 | http://45.113.163.219/linux32 |
|
| Details | Url | 3 | http://45.113.163.219/win32 |