Description
A Chinese-developed Go-based backdoor called Supershell is targeting poorly managed Linux SSH servers. The malware, which supports multiple platforms, primarily functions as a reverse shell for remote system control. Attackers use dictionary attacks from various IP addresses to gain access, then install Supershell directly or via a downloader script. The malware is downloaded from web and FTP servers. While Supershell is the initial payload for control hijacking, XMRig Monero CoinMiners are often installed alongside it, suggesting cryptocurrency mining as the ultimate goal. To protect against such attacks, administrators should use strong passwords, update systems regularly, and implement security measures like firewalls.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 20, 2024, 11:22 a.m. | Sept. 20, 2024, 11:22 a.m. | Sept. 20, 2024, 11:41 a.m. |
Indicators
cf5a7b7c71564a5eef77cc5297b9ffd6cd021eb44c0901ea3957cb2397b43e15
23dbfb99fc6c4fcfc279100c4b6481a7fd3f0b061b8d915604efa2ba37c8ddfa
157bea84012ca8b8dc6c0eabf80db1f0256eafccf4047d3e4e90c50ed42e69ff
45.15.143.197
107.189.8.15
Attack Patterns
Supershell
XMRig
T1543.002
T1021.004
T1571
T1059.004
T1070.004
T1105
T1496
T1053
T1190
T1078