Sandworm Centreon Campaign
Sandworm intrusion campaign targeting French IT monitoring software Centreon, attributed by ANSSI.
Start date
1 January 2021
End date
—
Techniques
13
Indicators of compromise
12
4 sha256, 4 sha1, 4 md5
Attributed actors
Techniques (13)
command-and-control (3)
T1090.001 Internal Proxy
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
discovery (2)
T1082 System Information Discovery
T1083 File and Directory Discovery
execution (2)
T1059.003 Windows Command Shell
T1059.004 Unix Shell
exfiltration (1)
T1041 Exfiltration Over C2 Channel
initial-access (2)
T1078 Valid Accounts
T1190 Exploit Public-Facing Application
persistence (2)
T1078 Valid Accounts
T1543.002 Systemd Service
privilege-escalation (2)
T1078 Valid Accounts
T1543.002 Systemd Service
stealth (3)
T1078 Valid Accounts
T1070.004 File Deletion
T1027 Obfuscated Files or Information
Indicators of compromise (12)