Supershell Malware Being Distributed to Linux SSH Servers
Sept. 20, 2024, 11:41 a.m.
Description
A Chinese-developed Go-based backdoor called Supershell is targeting poorly managed Linux SSH servers. The malware, which supports multiple platforms, primarily functions as a reverse shell for remote system control. Attackers use dictionary attacks from various IP addresses to gain access, then install Supershell directly or via a downloader script. The malware is downloaded from web and FTP servers. While Supershell is the initial payload for control hijacking, XMRig Monero CoinMiners are often installed alongside it, suggesting cryptocurrency mining as the ultimate goal. To protect against such attacks, administrators should use strong passwords, update systems regularly, and implement security measures like firewalls.
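The access pattern in the description (many failed SSH password attempts from one source, then a successful password login from the same source) is visible in sshd's own log lines. The script below is an added example for defenders, not code from the report or from the Supershell authors: it parses a handful of constructed sshd log lines (the IP addresses are RFC 5737 documentation addresses, not the indicators listed on this page) and flags sources that show a dictionary-attack pattern, separating those that eventually logged in from those that did not. The threshold of four failures is an assumption chosen for the sample, not a value from the report.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines for demonstration (not from the report).
SAMPLE_AUTH_LOG = """\
Sep 20 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.10 port 50122 ssh2
Sep 20 10:01:04 host sshd[1203]: Failed password for root from 203.0.113.10 port 50124 ssh2
Sep 20 10:01:05 host sshd[1205]: Failed password for invalid user admin from 203.0.113.10 port 50126 ssh2
Sep 20 10:01:07 host sshd[1207]: Failed password for root from 203.0.113.10 port 50128 ssh2
Sep 20 10:01:09 host sshd[1209]: Failed password for root from 203.0.113.10 port 50130 ssh2
Sep 20 10:01:11 host sshd[1211]: Accepted password for root from 203.0.113.10 port 50132 ssh2
Sep 20 10:05:00 host sshd[1300]: Failed password for root from 198.51.100.7 port 41000 ssh2
Sep 20 10:05:02 host sshd[1302]: Failed password for root from 198.51.100.7 port 41002 ssh2
Sep 20 10:30:00 host sshd[1400]: Accepted publickey for deploy from 192.0.2.5 port 33000 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as well as "Accepted <method> for <user> from ...".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_log(text):
    """Return a list of (ip, user, accepted, method) tuples in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["ip"], m["user"], m["result"] == "Accepted", m["method"]))
    return events


def find_dictionary_attacks(events, threshold=4):
    """Flag source IPs with at least `threshold` failed password attempts.

    Result: {ip: {"failures": n, "success": bool, "users": [...]}} where
    success is True when the same IP later logged in with a password,
    i.e. the guessing attack appears to have worked. Threshold is an assumption.
    """
    stats = defaultdict(lambda: {"failures": 0, "success": False, "users": set()})
    for ip, user, accepted, method in events:
        if method != "password":
            continue  # key-based logins are not part of a password-guessing pattern
        entry = stats[ip]
        entry["users"].add(user)
        if accepted:
            # Only count a success that follows enough failures to look like guessing.
            if entry["failures"] >= threshold:
                entry["success"] = True
        else:
            entry["failures"] += 1
    flagged = {}
    for ip, entry in stats.items():
        if entry["failures"] >= threshold:
            flagged[ip] = {
                "failures": entry["failures"],
                "success": entry["success"],
                "users": sorted(entry["users"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_dictionary_attacks(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        verdict = "SUCCESSFUL LOGIN AFTER GUESSING" if info["success"] else "guessing only"
        print(f"{ip}: {info['failures']} failed password attempts, users={info['users']} -> {verdict}")
```

In the sample, 203.0.113.10 is flagged with a successful login after five failures, 198.51.100.7 stays below the threshold, and the key-based login from 192.0.2.5 is ignored. A flagged IP with success=True is the point at which to look for the follow-on activity the description lists: a downloader script, new files fetched over HTTP or FTP, a new systemd service or cron entry, and an XMRig process.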
Date
Published: Sept. 20, 2024, 11:22 a.m.
Created: Sept. 20, 2024, 11:22 a.m.
Modified: Sept. 20, 2024, 11:41 a.m.
Indicators
cf5a7b7c71564a5eef77cc5297b9ffd6cd021eb44c0901ea3957cb2397b43e15
23dbfb99fc6c4fcfc279100c4b6481a7fd3f0b061b8d915604efa2ba37c8ddfa
157bea84012ca8b8dc6c0eabf80db1f0256eafccf4047d3e4e90c50ed42e69ff
45.15.143.197
107.189.8.15
Attack Patterns
Supershell
XMRig
T1543.002 - Create or Modify System Process: Systemd Service
T1021.004 - Remote Services: SSH
T1571 - Non-Standard Port
T1059.004 - Command and Scripting Interpreter: Unix Shell
T1070.004 - Indicator Removal: File Deletion
T1105 - Ingress Tool Transfer
T1496 - Resource Hijacking
T1053 - Scheduled Task/Job
T1190 - Exploit Public-Facing Application
T1078 - Valid Accounts