More SSH Fun!
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A Windows batch file has been discovered that abuses the ssh.exe tool in modern Windows versions to create a backdoor. The script adds a registry entry for persistence and uses SSH to set up a reverse tunnel, allowing remote access. It also downloads and executes a malicious file using a Dev Tunnels URL, a Microsoft feature similar to ngrok. The script disables host key verification and enables local command execution through SSH. While the specific malicious payload (Ghost.exe) is no longer available, it is suspected to be a Remote Access Trojan (RAT). This technique demonstrates the creative misuse of legitimate tools for malicious purposes.
OPENCTI LABELS :
ssh,dev tunnels
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
More SSH Fun!