forked from CronUp/Malware-IOCs
2021-12-11_Log4Shell_Botnets
Botnets spreading via Log4Shell aka CVE-2021-44228
#Kinsing aka #H2miner
Threat Ref: https://malpedia.caad.fkie.fraunhofer.de/details/elf.kinsing
Log4Shell Ref: https://twitter.com/1ZRR4H/status/1469333475476094986
Payload: http://80.71.158.12/kinsing
VT: https://www.virustotal.com/gui/file/6e25ad03103a1a972b78c642bac09060fa79c460011dc5748cbb433cc459938b/detection
#Mirai aka #Katana
Threat Ref: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Payload: http://62.210.130.250/web/admin/x86
VT: https://www.virustotal.com/gui/file/776c341504769aa67af7efc5acc66c338dab5684a8579134d3f23165c7abcc00/detection
C2: nazi.uy
#Muhstik aka #Tsunami
Threat Ref: https://malpedia.caad.fkie.fraunhofer.de/details/elf.tsunami
Log4Shell Ref: https://twitter.com/1ZRR4H/status/1470175445308129280
Payload: http://18.228.7.109/.log/pty1
VT: https://www.virustotal.com/gui/file/15e7942ebf88a51346d3a5975bb1c2d87996799e6255db9e92aed798d279b36b/detection
C2: log.exposedbotnets.ru
IPs: