otx.alienvault.com
99.86.4.45  Public Scan

URL: https://otx.alienvault.com/pulse/63e25c5cbc100230953c2d2e
Submission: On February 07 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


SLIVER MALWARE WITH BYOVD DISTRIBUTED THROUGH SUNLOGIN VULNERABILITY EXPLOITATIONS

 * Created 40 minutes ago
   
 * Modified 10 minutes ago by AlienVault
 * Public
 * TLP: White

In a series of posts, the AhnLab Security Emergency Response Center (ASEC)
analysis team explains why Sliver, an open-source penetration testing tool, is
being used by threat actors to test security products.

Reference:
https://asec.ahnlab.com/en/47088/
Tags:
Sliver, Gh0st RAT, XMRig
Malware Families:
Gh0st RAT, Sliver
Att&ck IDs:
T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege
Escalation, T1210 - Exploitation of Remote Services, T1102 - Web Service,
T1072 - Software Deployment Tools

 * Indicators of Compromise (28)
 * Related Pulses (7)
 * Comments (0)
 * History (0)

Types of indicators: IPv4 (2), FileHash-SHA256 (6), URL (3), FileHash-SHA1 (6), FileHash-MD5 (11)

Threat infrastructure: Hong Kong (1), Russia (1)



 * © Copyright 2023 AlienVault, Inc.