PULSE NAME
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine
WHITE Gelsemium Tr1sa111 2024-12-17 Modified: 2024-12-22
137 IOCs (HIGH VOLUME)
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
WolfsBane, FireWood, Gelsemium - S0666, Gelsevirine, Gelsenicine, Gelsemine, Project Wood
Indicators of Compromise (137)