PAW Patrules
On all IP addresses listed in the SSH-based (Active) Backdoor IOCs in Prodaft's December 2022 report, the OpenSSH servers (running on Debian) listen on ports 53/TCP, 80/TCP and 443/TCP and share the same hassh fingerprint.
Source:
https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang
Last edited: 2023/01/03
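The observation above, turned into a check as an added example (not part of the ruleset or of Prodaft's report): it computes the hasshServer fingerprint from a server's SSH_MSG_KEXINIT payload and flags SSH servers on 53, 80 or 443 that present a reference fingerprint. The function names, the documentation IP addresses and the algorithm lists are constructed, and `REFERENCE_HASSH` is a placeholder because the page does not give the hash value.

```python
import hashlib
import struct

ODD_SSH_PORTS = {53, 80, 443}  # ports named in the observation above

def build_kexinit(lists):
    """Build a constructed SSH_MSG_KEXINIT payload (RFC 4253, 7.1) from 10 name-lists."""
    body = b"\x14" + bytes(16)  # message type 20, then a 16-byte cookie (zeroed)
    for names in lists:
        raw = ",".join(names).encode()
        body += struct.pack(">I", len(raw)) + raw
    return body + bytes(5)  # first_kex_packet_follows (1 byte) + reserved (4 bytes)

def hassh_server(payload):
    """hasshServer: MD5 of 'kex;enc_s2c;mac_s2c;comp_s2c' taken from the server KEXINIT."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, fields = 17, []
    for _ in range(10):  # ten name-lists, each a uint32 length followed by the string
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        fields.append(payload[off:off + n].decode("ascii"))
        off += n
    return hashlib.md5(";".join(fields[i] for i in (0, 3, 5, 7)).encode()).hexdigest()

def suspicious(observations, reference_hassh):
    """Return (ip, port) where SSH on an odd port presents the reference fingerprint."""
    hits = []
    for ip, port, payload in observations:
        try:
            fingerprint = hassh_server(payload)
        except ValueError:  # malformed or non-SSH payload: skip it
            continue
        if port in ODD_SSH_PORTS and fingerprint == reference_hassh:
            hits.append((ip, port))
    return hits

# Constructed sample data: documentation IPs and made-up algorithm lists.
REF = [["curve25519-sha256"], ["ssh-ed25519"], ["aes128-ctr"], ["aes128-ctr", "aes256-ctr"],
       ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
OTHER = REF[:3] + [["aes256-gcm@openssh.com"]] + REF[4:]
REFERENCE_HASSH = hassh_server(build_kexinit(REF))  # placeholder for the IOC value
OBSERVED = [("192.0.2.10", 443, build_kexinit(REF)), ("192.0.2.11", 53, build_kexinit(REF)),
            ("192.0.2.12", 22, build_kexinit(REF)), ("192.0.2.13", 80, build_kexinit(OTHER)),
            ("192.0.2.14", 80, build_kexinit(REF)[:40])]
print(suspicious(OBSERVED, REFERENCE_HASSH))
```

A shared fingerprint on its own only says the servers run the same SSH build and configuration; it is the combination with the unusual listening ports that narrows the match.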