Cybersecurity

5983 readers

529 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence (www.cadosecurity.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink hide all child comments

Indicators of Compromise

Filename	SHA256
cronb.sh	d4508f8e722f2f3ddd49023e7689d8c65389f65c871ef12e3a6635bbaeb7eb6e
ar.sh	64d8f887e33781bb814eaefa98dd64368da9a8d38bd9da4a76f04a23b6eb9de5
fkoths	afddbaec28b040bcbaa13decdc03c1b994d57de244befbdf2de9fe975cae50c4
s.sh	251501255693122e818cadc28ced1ddb0e6bf4a720fd36dbb39bc7dedface8e5
bioset	0c7579294124ddc32775d7cf6b28af21b908123e9ea6ec2d6af01a948caf8b87
d.sh	0c3fe24490cc86e332095ef66fe455d17f859e070cb41cbe67d2a9efe93d7ce5
h.sh	d45aca9ee44e1e510e951033f7ac72c137fc90129a7d5cd383296b6bd1e3ddb5
w.sh	e71975a72f93b134476c8183051fee827ea509b4e888e19d551a8ced6087e15c
c.sh	5a816806784f9ae4cb1564a3e07e5b5ef0aa3d568bd3d2af9bc1a0937841d174
Paths
/usr/bin/vurl
/etc/cron.d/zzh
/bin/zzhcht
/usr/bin/zzhcht
/var/tmp/.11/sshd
/var/tmp/.11/bioset
/var/tmp/.11/..lph
/var/tmp/.dog
/etc/systemd/system/sshm.service
/etc/systemd/system/sshb.service
/etc/systemd/system/zzhr.service
/etc/systemd/system/zzhd.service
/etc/systemd/system/zzhw.service
/etc/systemd/system/zzhh.service
/etc/…/.ice-unix/
/etc/…/.ice-unix/.watch
/etc/.httpd/…/httpd
/etc/.httpd/…/httpd
/var/.httpd/…./httpd
/var/.httpd/…../httpd
IP Addresses
47[.]96[.]69[.]71
107[.]189[.]31[.]172
209[.]141[.]37[.]110
Domains/URLs
http[:]//b[.]9-9-8[.]com
http[:]//b[.]9-9-8[.]com/brysj/cronb.sh
http[:]//b[.]9-9-8[.]com/brysj/d/ar.sh
http[:]//b[.]9-9-8[.]com/brysj/d/c.sh
http[:]//b[.]9-9-8[.]com/brysj/d/h.sh
http[:]//b[.]9-9-8[.]com/brysj/d/d.sh
http[:]//b[.]9-9-8[.]com/brysj/d/enbio.tar

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here