Breaking News

Ready For War!

The Current Status of the United States, WW3, and the Dangers to the American People

The Current Status of the United States, WW3, and the Dangers to the American People

enhancing ChatGPT with MEDUSA AI

enhancing ChatGPT with MEDUSA AI

Microsoft researchers accidentally leaked 38TB of confidential information onto the company’s GitHub page

Microsoft researchers accidentally leaked 38TB of confidential information onto the company’s GitHub page

American and Southwest Airlines suffer a data breach

American and Southwest Airlines suffer a data breach

Hackers Inject Shell Scripts into eCommerce Sites to Steal Credit Card Data — Cyber Security News

Hackers Inject Shell Scripts into eCommerce Sites to Steal Credit Card Data — Cyber Security News

6 Million Pharmacy Records Breached

6 Million Pharmacy Records Breached

OpenSSH Trojanized Campaign

Posted on June 25, 2023June 26, 2023 by YodaSec

Terms and Conditions

6 min read

Researchers have discovered a sophisticated attack campaign that exploits custom and open-source tools to target Linux-based systems and IoT devices.

The attack campaign involves a C2 that uses a subdomain belonging to a Southeast Asian financial institution. The attackers utilized a patched version of OpenSSH to gain control of compromised devices and install cryptomining malware.

The threat actor employs a backdoor that installs a modified version of OpenSSH, allowing the attackers to hijack SSH credentials, move laterally within networks, and conceal malicious SSH connections.

Advertisements

https://c0.pubmine.com/sf/0.0.7/html/safeframe.html

REPORT THIS AD

The attack chain involves threat actors initiated it by brute-forcing credentials on misconfigured internet-facing Linux devices. Once compromised, they downloaded and installed the malicious OpenSSH package, which granted them persistent access and the ability to intercept SSH credentials.

Furthermore, the backdoor deploys open-source rootkits, such as Diamorphine and Reptile, to hide its presence on the compromised systems.

It also established communication with a remote command and control server via an IRC bot called ZiggyStarTux. This enabled the threat actors to issue commands and launch DDoS attacks.

Safety Measures

Ensure secure configurations for internet-facing devices,
Maintain up-to-date firmware and patches
Use secure VPN services for remote access and adopting comprehensive IoT security solutions.

Indicators of Compromise

Advertisements

https://c0.pubmine.com/sf/0.0.7/html/safeframe.html

REPORT THIS AD

asterzeu[@]yahoo[.]com
dotsysadmin[@]protonmail[.]com
185.161.208[.]234
139.180.185[.]24
199.247.30[.]230
149.28.239[.]146
209.250.234[.]77
70.34.220[.]100
irc[.]socialfreedom[.]party
singapore[.]sg[.]socialfreedom[.]party
amsterdam[.]nl[.]socialfreedom[.]party
frankfurt[.]de[.]socialfreedom[.]party
sidney[.]au[.]socialfreedom[.]party
losangeles[.]us[.]socialfreedom[.]party
mumbaitravelers[.]org
sh[.]madagent[.]tm
ssh[.]madagent[.]tm
dumpx[.]madagent[.]tm
reg[.]madagent[.]tm
sshm[.]madagent[.]tm
z[.]madagent[.]tm
ssho[.]madagent[.]tm
sshr[.]madagent[.]tm
sshu[.]madagent[.]tm
user[.]madagent[.]tm
madagent[.]cc
cler[.]madagent[.]cc
dumpx[.]madagent[.]cc
mh[.]madagent[.]cc
ns1[.]madagent[.]cc
ns2[.]madagent[.]cc
ns3[.]madagent[.]cc
ns4[.]madagent[.]cc
reg[.]madagent[.]cc
ssh[.]madagent[.]cc
sshm[.]madagent[.]cc
ssho[.]madagent[.]cc
sshr[.]madagent[.]cc
sshu[.]madagent[.]cc
user[.]madagent[.]cc
www[.]madagent[.]cc
rsh[.]sys-stat[.]download
sh[.]sys-stat[.]download
sh[.]rawdot[.]net
ssho[.]rawdot[.]net
donate[.]xmr[.]rawdot[.]net
pool[.]rawdot[.]net
2018[.]rawdot[.]net
blog[.]rawdot[.]net
clients[.]rawdot[.]net
ftp[.]rawdot[.]net
psql01[.]rawdot[.]net
www[.]rawdot[.]net
sh[.]0xbadc0de[.]stream
ss[.]0xbadc0de[.]stream
a26631dcc1aef92a92d2d37476fb1e9becae54541e0411224a441d3afc20b02a
6e9b692b401a57db306bd6c95409042aa6ed075088a40a6ceb74f96895116b62
5e11731e570fc79ad07da4f137e103e0ebfa45530fabd8fa9a9fece4e497bce0
22c2115becd1d0ff9dfe70d14a52ab0354e420f4bfe0df70ca0d55d3c557c6b3
d335c83c0dd5bc9a078e796016f9a9f845ff89ee434c63c7a2e7b360e8be3e95
336928c813f3c0ab9aaad5a9853ed96b3f82e7b2b6d96139a7ebb146337dd248
1f6a52ce5ee017f88bd5f9028e3741e69837437cc48444d31d50ef28f1ed03f4
b72f21077f9f4d85d555cc6c18677e285b61f980ca99d0495d52f0cbbe66517a
8e7c6cbbb17ffe5ea98986dd36c3e979bc348626637ff9bfd55cb08414f3494c
39b640f62c0046139c41bccd0f98f96165597d50c4823ed88154160c0cae6bd1
b77f991a9e0533a7bb39480ba7e96c29a1c1c9e2e212497cfbf6221751a196a2
1782930bc2d46da541c980c09b13811f504b743e485a2befb0df1e5865a95847
7ea1db1581afb977ec6d4abadf98660526205f23c366f7ba6aa04061762b5a7e
4b23d2126a6aec79396630dc10bdf279d9dafc71358145ab0b726cdf0a90dedf
081ad11e67af3fd98cb34cae89a5d26699f132a7ada62b1409eb85eaa4431437
8ff06c7f0c105301397d15b1be3f6fe3ba081bbe042136c5b0fa4478ab59650d
28616594b320b492c04429ab2f569d22d56bd9a047903f214d8b0eacab9b9c14
e22148ae0cb1a5cc7743351909cd0ae99ba6a84e181dded1cfa9fa0ed9e4f0e2
6101fcda212f2ee2340e85eaac071ffa95507166ba253d555a69c9ab6c16b148
52fb0dcd929d57e32c8383873897963dd671b626d7e31dd98d2b092a9b57be43
78701d6cafb3e477a033d63b99d480c2d7647079133ecabdcb54cd7a520e46de
2eb5a4766dd7b90674f16eea62ba4e9c33dac8023e1692ed67c917bca448d14f
c775964fe1207b6a6f9faf818c63874b2bf5612581e3c3b2d9f6eeee969229d8
75385bb1548c567c4814ad5c13fde6bf64e47694c244e1c26e903abc4523c667
bc1e444ab92bb40e41e08846f3e485ffa17ab98563f2ed2129ef1b02c3d5a878
8cb1df542bc60eb187066c136ae413540b33dd28c856ee472dd073affb96a84b
55448d04183a253c939a6463c8992cbc007be237c80de92ff31e3f6606ebd470
9967921339799ed6f510c8a567f8bd69129d75d113f5c63612ceef0d5c4bf019
0a565ebae65fb5fbb34801c2948d35a0b7b5762a9ce51bd55a43181f46bc9723
fdfed7c2bf55d0f2440f623e265ab8b8006987f94d23982688914feffb3c549e
32aa3e5fd9b79dcfd9ebe590b6784527cb17217cdeb61a1791bd4a5f721f0099
30d456d6dbd492923972d5f3ceb72c0f7e80d1f6391d6f9c0f5e889b6f71be66
74f4b030529435a8872c3e10d3341a1988d4fdbba89d9afd876458980f6f7a49
3033bb18554ce62f2f96338af682efb647c98d126734bb20426da8ec49ec1cdd
58b9622960e1bb189a403da6cd73e6ec2cb446680a18092351e5a9fa1a205cbc
0027edb4a3c33f3d0cb5cc6fc85b58a8f7c70b8e57a2d28bed53f11c5f649848
7ca66932d9015bf14b89b8650408e39a65c96f59f9273feaede28cabca8a3bbc
9564172445e66f0d3cb64c42f2298f14093c342b95b023bcb82408b6f2a66cd3
722b1970caa804154d85fb3dba88cf192bf3eedd2fea40c8c49c98130797649d
85877eb8f60c903ccb256e776c3e077295cf10eccff8d8ce4400edc699e8021f
635b3dfadeab6b3c2574b1689607b776518d42c2b9fdb895e25c04a8ae9dee92
3ba302f533fcf065fe3f80b4bbea4653e86a5a8c1c752e4798a64a6be3d06e5d
b8a360e7094e27857c7daacf624f2d9916e002201caf8a88c5aa3bd37f7bc264

Related

Share this post to expose the truth!

X (Twitter)Facebook Pinterest LinkedIn Email Reddit Telegram SMS WhatsApp Pocket Hatena

YodaSec http://yodasec.blog

Exposing the corruption worldwide!

You May Also Like

Ready For War!

November 14, 2023

Israel are putting Christians to prison for believing in Jesus.

Israel are putting Christians to prison for believing in Jesus.

November 9, 2023

Subpoenas ⚠ Buren Crime Family ⚠

November 8, 2023

The Current Status of the United States, WW3, and the Dangers to the American People

The Current Status of the United States, WW3, and the Dangers to the American People

October 29, 2023

When Hamas will attack America

When Hamas will attack America

October 28, 2023

More From Author

Ready For War!

November 14, 2023

Israel are putting Christians to prison for believing in Jesus.

Israel are putting Christians to prison for believing in Jesus.

November 9, 2023

Subpoenas ⚠ Buren Crime Family ⚠

November 8, 2023

The Current Status of the United States, WW3, and the Dangers to the American People

The Current Status of the United States, WW3, and the Dangers to the American People

October 29, 2023

When Hamas will attack America

When Hamas will attack America

October 28, 2023

+ There are no comments

Add yours

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like:

Webwyrm Malware Affects More Than 100,000 Users in 50 Countries 😲

Hacking News and Leaks

Webwyrm Malware Affects More Than 100,000 Users in 50 Countries 😲

Webwyrm Malware Affects More Than 100,000 Users in 50 Countries. Everyone needs to keep check on their information to make sure you have not been […]

Posted on October 9, 2023October 9, 2023 by YodaSec

American and Southwest Airlines suffer a data breach

Hacking Home News and Leaks YodaSec's Blog

American and Southwest Airlines suffer a data breach

American And Southwest Airlines Suffer a Data Breach

Posted on June 25, 2023June 26, 2023 by YodaSec

Hackers Inject Shell Scripts into eCommerce Sites to Steal Credit Card Data — Cyber Security News

Hacking Home News and Leaks YodaSec's Blog

Hackers Inject Shell Scripts into eCommerce Sites to Steal Credit Card Data — Cyber Security News

Hackers Inject Shell Scripts into eCommerce Sites to Steal Credit Card Data

Posted on June 7, 2023 by YodaSec

Software Driving Hardware — Hackaday

Hacking Security Scanner YodaSec's Blog

Software Driving Hardware — Hackaday

We were talking about [Christopher Barnatt]’s very insightful analysis of what the future holds for the Raspberry Pi single board computers on the Podcast. On […]

Posted on June 3, 2023June 3, 2023 by YodaSec

Akira Ransomware Dissection — TheCyberThrone

Hacking News and Leaks YodaSec's Blog

Akira Ransomware Dissection — TheCyberThrone

A new ransomware operation brought in to limelight by the researchers called Akira and targets Akira Ransomware Dissection — TheCyberThrone Share this post to expose the […]

Posted on May 9, 2023May 9, 2023 by YodaSec

Indonesian Hackers Targeting Indian Government Websites, Warns Cybersecurity Alert — The Cyber Monk

Hacking Home News and Leaks YodaSec's Blog

Indonesian Hackers Targeting Indian Government Websites, Warns Cybersecurity Alert — The Cyber Monk

The Indian Cybercrime Coordination Centre (I4C) has issued a warning that an Indonesian hacker group is currently targeting around 12,000 government websites in India. The […]

Posted on April 24, 2023May 6, 2023 by YodaSec

%d