Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst

    Date: 02/06/2025

    Severity: Medium

    Summary

    "Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst" focuses on reverse engineering the ELF/Sshdinjector.A!tr malware, which can be injected into the SSH daemon. Discovered in mid-November 2024, it is attributed to the DaggerFly espionage group and was used in the Lunar Peek campaign targeting network appliances. The post discusses how both human and artificial intelligence techniques were employed to analyze the attack’s binaries and uncover its behavior.

    Indicators of Compromise (IOC) List

    Hash

    94e8540ea39893b6be910cfee0331766e4a199684b0360e367741facca74191f
    0e2ed47c0a1ba3e1f07711fb90ac8d79cb3af43e82aa4151e5c7d210c96baebb
    6d08ba82bb61b0910a06a71a61b38e720d88f556c527b8463a11c1b68287ce84

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    sha256hash IN ("94e8540ea39893b6be910cfee0331766e4a199684b0360e367741facca74191f","6d08ba82bb61b0910a06a71a61b38e720d88f556c527b8463a11c1b68287ce84","0e2ed47c0a1ba3e1f07711fb90ac8d79cb3af43e82aa4151e5c7d210c96baebb")
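    The query above is an exact-string membership test on a sha256hash field. As an added example (not code from the Gurucul page or from Fortinet's research), the following Python applies the same logic to constructed JSON telemetry records, normalizing hash case and padding so an upper-case value from one sensor does not slip past the match; the record schema ("sha256hash", "host", "path") is a hypothetical one.

```python
"""Added example: apply Detection Query 1 (sha256hash IN ...) to telemetry.
Assumes JSON log records with a hypothetical "sha256hash" field; the three
hash values are the ones listed on the page as ELF/Sshdinjector.A!tr IOCs."""
import hashlib
import json

# SHA-256 indicators from the page's IOC list.
SSHDINJECTOR_HASHES = frozenset({
    "94e8540ea39893b6be910cfee0331766e4a199684b0360e367741facca74191f",
    "0e2ed47c0a1ba3e1f07711fb90ac8d79cb3af43e82aa4151e5c7d210c96baebb",
    "6d08ba82bb61b0910a06a71a61b38e720d88f556c527b8463a11c1b68287ce84",
})

def normalize_sha256(value):
    """Lower-case and strip a hash; sensors disagree on case and padding,
    and an exact-string IN (...) match silently misses 'ABC...' vs 'abc...'."""
    if value is None:
        return None
    h = value.strip().lower()
    return h if len(h) == 64 and all(c in "0123456789abcdef" for c in h) else None

def matches_sshdinjector(record):
    """True when the record's sha256hash is one of the page's IOCs."""
    return normalize_sha256(record.get("sha256hash")) in SSHDINJECTOR_HASHES

def scan_log(lines):
    """Run the detection over JSON log lines; return the matching records."""
    hits = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the scan
        if matches_sshdinjector(record):
            hits.append(record)
    return hits

def sha256_of_file(path):
    """Compute the value a sensor would place in sha256hash for a file on disk."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

# Constructed sample telemetry: one upper-case IOC hit, one benign, one malformed.
SAMPLE_LOG = [
    '{"host":"appliance-01","path":"/usr/sbin/sshd","sha256hash":"94E8540EA39893B6BE910CFEE0331766E4A199684B0360E367741FACCA74191F"}',
    '{"host":"appliance-02","path":"/usr/sbin/sshd","sha256hash":"' + "0" * 64 + '"}',
    'not json',
]
```

    Calling scan_log(SAMPLE_LOG) returns only the appliance-01 record; sha256_of_file() produces the value to compare when the sensor reports a path but no hash.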

    Reference:

    https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst


    Tags

    Malware, Cyber Espionage
