Articles
Observed Activity: Suspicious JavaScript Framework Detection
10 min read
SGI detected a suspicious JavaScript framework originating from a French IP. Analysis reveals low VT detections but potential for malicious use. Review IoCs and harden…
Compromised SSH Keys Detected: Potential for Lateral Movement
10 min read
SGI has observed activity indicative of unauthorized SSH key modification. This could allow attackers to move laterally within compromised networks. Immediate action is required.
Emerging Threat: SSH Authorized Key Injection via Compromised Indonesian Host
10 min read
SGI observed suspicious activity originating from an Indonesian IP address, indicative of an automated attempt to inject SSH authorized keys.
Observed SSH “Authorized Keys” Redirection Attempt
10 min read
SGI observed an attempt to inject an SSH authorized key, potentially granting unauthorized access. Originates from AS46606 (Unified Layer) in Utah. Low severity.
Observed Network Activity from DigitalOcean Infrastructure
10 min read
SGI observed network activity originating from a DigitalOcean IP address. Analysis indicates a low-severity threat, warranting further investigation and monitoring.
Observed Activity: Suspicious JavaScript Framework Deployment
10 min read
SGI observed a low-severity alert related to a JavaScript framework potentially indicative of reconnaissance or early-stage malicious activity. Immediate review recommended.
Observed Activity: Suspicious JavaScript File Transfer from Russian IP
10 min read
SGI detected a suspicious JavaScript file transfer from a Russian IP address (AS8334). The file, while currently undetected by most AV vendors, warrants further investigation.…
Observed Network Activity: Potential Redirection Script Deployment
10 min read
SGI detected network activity from 159.65.148.152 involving a suspicious text file potentially used for redirection. Initial analysis indicates a low-severity risk, but warrants further investigation.
Observed Low-Severity JavaScript File Delivery
10 min read
SGI observed a low-severity JavaScript file delivery from a Spanish IP address. While currently benign, similar vectors can be used for malicious purposes.
Analysis of Standalone JavaScript Framework Detection
10 min read
SGI observed a low-severity detection of 'standalone-framework.js' originating from Hong Kong. Analysis indicates potential reconnaissance activity. Monitor and review access controls.
Emerging Threat: SSH Authorized Key Redirection Activity
10 min read
SGI observed a low-severity threat involving the redirection of SSH authorized keys, potentially enabling unauthorized remote access. Originated from China.
Observed Activity: Suspicious File Metadata and Network Connection from Indonesia
10 min read
SGI observed a low-severity alert triggered by a file hash originating from Indonesia. Analysis reveals a potentially benign file with unusual metadata.
Observed Network Activity from Dominican Republic
10 min read
SGI observed network activity originating from the Dominican Republic. Analysis indicates a low-severity threat, prompting further investigation and preventative measures.
Observed Activity: Potential Redirection Script
10 min read
SGI observed network activity from a DigitalOcean IP in Australia. Analysis suggests a simple redirection script. Risk is low, but monitoring is advised.
Compromised SSH Keys via Web-Delivered Malware
10 min read
SGI observed a low-severity malware sample redirecting to SSH authorized_keys. This could grant attackers unauthorized system access. Immediate action is needed.
Observed Activity: Potential Reconnaissance from Wuhan, China
10 min read
SGI observed network activity from Wuhan, China, associated with a file hash flagged by VirusTotal. Low severity, but warrants investigation.
Emerging Threat: SSH Unauthorized Key Injection via Compromised Servers
10 min read
SGI observed unauthorized SSH key injection attempts originating from Bangladesh. Threat actors are targeting various user directories. Immediate action is crucial.
Emerging Threat: Unauthorized SSH Key Injection
10 min read
SGI has observed attempted unauthorized SSH key injections. This could lead to unauthorized access and lateral movement within your network.
Emerging Threat: Detection of Suspicious ‘standalone-framework.js’ File
10 min read
SGI observed a potentially malicious 'standalone-framework.js' file originating from China. While currently low severity, proactive monitoring is advised.
Emerging Threat: SSH Authorized Key Injection via Compromised Servers
10 min read
SGI observed a low-severity threat involving potential SSH authorized key injection originating from a compromised server. Immediate action is needed.
Observed Activity: Network Communication from Indonesian IP Address
10 min read
SGI observed network activity originating from an Indonesian IP address (103.179.27.93) associated with AS149333. The activity involved a file hash 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b.
SSH Authorized Keys Redirection Exploit Targeting Multiple User Directories
10 min read
SGI observed an attack targeting SSH authorized keys across various user directories. Threat actors are attempting to gain unauthorized access via SSH.
Observed JavaScript-based Malware Activity
10 min read
SGI observed low-severity malware activity from a Google-hosted IP. Analysis reveals potential JavaScript framework usage. Review IoCs, detection rules, and hardening.
Compromised SSH Authorized Keys: Analysis of a Recent Campaign
10 min read
SGI observed malicious activity involving modification of SSH authorized keys. Attackers aim to gain unauthorized access to systems. Immediate action is crucial.
Compromised SSH Keys via Web-Delivered Payload
10 min read
SGI observed a low-severity threat actor attempting to inject unauthorized SSH keys, potentially leading to unauthorized access. Immediate action is recommended.