ioc[.]one - OSINT Cyber Threat Intelligence Database

High Level Overview of a Malicious Perl Bot — Stratosphere IPS

Tags

country:	Israel Portugal
attack-pattern:	Direct Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Ssh - T1021.004

Show in Graph

Common Information

Type	Value
UUID	fe3a7427-7fb1-400f-ad6a-393ea5229c22
Fingerprint	aca831326cb1a79a
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 29, 2018, midnight
Added to db	Feb. 18, 2023, 1:35 a.m.
Last updated	Nov. 18, 2024, 11:23 a.m.
Headline
Title	High Level Overview of a Malicious Perl Bot — Stratosphere IPS
Detected Hints/Tags/Attributes	35/2/41

Source URLs

	Redirection	Url
Details	Source	https://www.stratosphereips.org/blog/2018/5/29/high-level-overview-of-a-malicious-perl-bot

URL Provider

Details	Provider	Source level domain
Details	stratosphereips.org	www.stratosphereips.org

Attributes

Details	Type	#Events	Value
Details	Domain	216	www.symantec.com
Details	Domain	622	en.wikipedia.org
Details	Domain	4	www.computerhope.com
Details	Domain	3	perldoc.perl.org
Details	Domain	1	mkweb.bcgsc.ca
Details	File	1207	index.php
Details	File	53	main.php
Details	File	1	signals.htm
Details	File	2	use.html
Details	File	1	ch17_16.htm
Details	File	1	our.html
Details	md5	1	35a12b75a54af8058f8dadfbfd19a4e5
Details	sha256	1	4188692fd507fe4c362ad5aa99b5db01673e88ec8bfe605986ceb1480c2e6c97
Details	sha256	1	4afbec94b6fbfbf029b2523066e99ec100abfada0e01d51a75d38df5017e1f17
Details	sha256	1	88b97b8b7f057a14306cee1e897bc21a0bc532f34f75909d9757eab87a3c5073
Details	sha256	1	b7ace626d78df0da598ce073036b6cee4c1dcddf4a7b243b2f5db8ee6984e118
Details	sha256	1	e1aad4adc49e7d9c4c4bacd891bf5360ceaf73426308591738403197c76b8173
Details	sha256	1	0df388eed28b40a537d0f5807f16c666ffbfe4bbc9fad5918bbd85273d83abd0
Details	sha256	1	198990a591fb560d663178041ef324c767217403e7a52b515843a883b26e29db
Details	sha256	1	c279bcb14864c943fab9c3457d7edb0a92944de020839c918066e4c0f0e3625a
Details	sha256	1	1df250a4f02d9d7b8be64b506ebb051770371102d23de4531a4afe06673f0f59
Details	sha256	1	4fb9abe9bfb6d129913fb6b96a8f7086dcad3f7e5b0fb378f0a9796fdb09e7ba
Details	sha256	1	8459737175572299d403db24c983ed290f4b472dc232564bef2240d7d65051c4
Details	sha256	1	c9f8610ac2fb8481294722f58862485e0cd69ba0c351c35552f7f1540458e955
Details	sha256	1	8871bf7645c132b73f7d16c22ef5c643fe6c3de6537196ffe78f27329a2e3c94
Details	sha256	1	882f045e8a4a59bf43f9a871e4685b9a41ef7afef4b1747a4b1ff6132dc0fb3e
Details	sha256	1	3a7a31b3939025d2c398cc3ed65d4e414582a0dfcaadbf2555b5815614d07bb6
Details	sha256	1	5f66883e616bfb7b97b77486796f66206d3cc66340ddea1394ce61bd977d7ef8
Details	sha256	1	c0f2309436e0300f4af3411c6eff73b1a61c3a6c27663403f88e832ed51e2361
Details	sha256	1	fb0bb067dc83c008173cd8d33a36f0855857f19a72dfe99a86f1ba605a71c165
Details	sha256	1	e8182f5bcdac4d24ccb9f0538a18a4a57da8cc5c86b17fa0e2634c10cd341895
Details	sha256	1	87c97cbca3e2dc98ac87f0aac06841e088bd28101d07dba42b3970e72b633aa1
Details	sha256	1	70b982df6414ba0e613db9a2427c57b9b7518d92f02de6e255fabb918dffa2e6
Details	IPv4	4	3.4.5.6
Details	Url	1	https://www.virustotal.com/en/file/4188692fd507fe4c362ad5aa99b5db01673e88ec8bfe605986ceb1480c2e6c97/analysis
Details	Url	1	https://www.symantec.com/security-center/writeup/2004-122109-4444-99
Details	Url	1	https://en.wikipedia.org/wiki/santy
Details	Url	1	https://www.computerhope.com/unix/signals.htm
Details	Url	1	https://perldoc.perl.org/functions/use.html
Details	Url	1	http://mkweb.bcgsc.ca/intranet/perlbook/cookbook/ch17_16.htm
Details	Url	1	https://perldoc.perl.org/functions/our.html