PULSE DETAIL
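Antiy CERT recently discovered that the "SwimSnake (Silver Fox)" cybercrime group is spreading a remote-access trojan through a website that impersonates the FinalShell download site. The group combines this with search-engine SEO poisoning so that the malicious site it set up ranks near the top of search results, and the site's domain name is also deceptive, which lures users into visiting it and downloading the malicious program. In addition, Antiy CERT found that a CSDN user had described this malicious website as the official download address in a published article. FinalShell is a cross-platform tool that combines remote connection, system management and development assistance; it is developed by a team in China, supports Windows, macOS and Linux, and is commonly used in operations and development scenarios.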
Indicators of Compromise (12)
References (1)