2019-06-22
Ðû²¼Ê±¼ä 2019-06-22ÐÂÔöÊÂÎñ
ÊÂÎñÃû³Æ£º |
TCP_NSA_EternalChampion_(ÓÀºã¹Ú¾ü)_SMBÔ¶³Ì´úÂëÖ´ÐÐÎó²îSync_Response[MS17-010] |
ÊÂÎñ¼¶±ð£º |
¸ß¼¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
Çå¾²Îó²î |
ÊÂÎñÐÎò£º |
¼ì²âµ½Ô´IPÖ÷»úÕýÔÚʹÓÃMicrosoft Windows SMBÔ¶³Ì´úÂëÖ´ÐÐÎó²î¾ÙÐй¥»÷µÄÐÐΪ¡£ Microsoft WindowsÊÇ΢ÈíÐû²¼µÄºÜÊÇÊ¢ÐеIJÙ×÷ϵͳ¡£ ÈôÊǹ¥»÷ÕßÏò Microsoft ·þÎñÆ÷·¢Ë;ȫÐĽṹµÄ»ûÐÎÇëÇó°ü£¬¿ÉÒÔ»ñÈ¡Ä¿µÄ·þÎñÆ÷µÄϵͳȨÏÞ£¬²¢ÇÒÍêÈ«¿ØÖÆÄ¿µÄϵͳ¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
TTCP_NSA_EternalChampion_(ÓÀºã¹Ú¾ü)_SMBÔ¶³Ì´úÂëÖ´ÐÐÎó²îSync_Request[MS17-010] |
ÊÂÎñ¼¶±ð£º |
¸ß¼¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
Çå¾²Îó²î |
ÊÂÎñÐÎò£º |
¼ì²âµ½Ô´IPÖ÷»úÕýÔÚʹÓÃMicrosoft Windows SMBÔ¶³Ì´úÂëÖ´ÐÐÎó²î¾ÙÐй¥»÷µÄÐÐΪ¡£ Microsoft WindowsÊÇ΢ÈíÐû²¼µÄºÜÊÇÊ¢ÐеIJÙ×÷ϵͳ¡£ ÈôÊǹ¥»÷ÕßÏò Microsoft ·þÎñÆ÷·¢Ë;ȫÐĽṹµÄ»ûÐÎÇëÇó°ü£¬¿ÉÒÔ»ñÈ¡Ä¿µÄ·þÎñÆ÷µÄϵͳȨÏÞ£¬²¢ÇÒÍêÈ«¿ØÖÆÄ¿µÄϵͳ¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
TCP_NSA_EternalRomance_(ÓÀºãÀËÂþ)_SMBÔ¶³Ì´úÂëÖ´ÐÐÎó²î3[MS17-010] |
ÊÂÎñ¼¶±ð£º |
¸ß¼¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
Çå¾²Îó²î |
ÊÂÎñÐÎò£º |
¼ì²âµ½Ô´IPÖ÷»úÕýÔÚʹÓÃMicrosoft Windows SMBÔ¶³Ì´úÂëÖ´ÐÐÎó²î¾ÙÐй¥»÷µÄÐÐΪ¡£ Microsoft WindowsÊÇ΢ÈíÐû²¼µÄºÜÊÇÊ¢ÐеIJÙ×÷ϵͳ¡£ ÈôÊǹ¥»÷ÕßÏò Microsoft ·þÎñÆ÷·¢Ë;ȫÐĽṹµÄ»ûÐÎÇëÇó°ü£¬¿ÉÒÔ»ñÈ¡Ä¿µÄ·þÎñÆ÷µÄϵͳȨÏÞ£¬²¢ÇÒÍêÈ«¿ØÖÆÄ¿µÄϵͳ¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
TCP_NSA_EternalRomance_(ÓÀºãÀËÂþ)_SMBÔ¶³Ì´úÂëÖ´ÐÐÎó²î2[MS17-010] |
ÊÂÎñ¼¶±ð£º |
¸ß¼¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
Çå¾²Îó²î |
ÊÂÎñÐÎò£º |
¼ì²âµ½Îó²îʹÓù¤¾ß°üRigÊÔͼÏÂÔضñÒâÈí¼þ£¬Ô´IPÖ÷»úÕýÔÚä¯ÀÀµÄÍøÒ³ºÜ¿ÉÄܱ»Ö²ÈëÁ˶ñÒâµÄ¾ç±¾´úÂ룬±»¶¨Ïòµ½Îó²îʹÓù¤¾ß°üRigµÄÒ³Ã棬µ¼ÖÂÏÂÔضñÒâÈí¼þ¡£ Exploit KitÊÇÎó²îʹÓù¤¾ß°ü£¬Ô¤´ò°üÁË×°ÖóÌÐò¡¢¿ØÖÆÃæ°å¡¢¶ñÒâ´úÂëÒÔ¼°Ï൱ÊýÄ¿µÄ¹¥»÷¹¤¾ß¡£Ò»Ñùƽ³£À´Ëµ£¬Exploit Kit»á°üÀ¨Ò»ÏµÁвî±ðµÄÎó²îʹÓôúÂë¡£¹¥»÷Õß»áÏòÕýµ±µÄÍøÕ¾×¢Èë¶ñÒâµÄ¾ç±¾»ò´úÂ룬ÒÔÖض¨Ïòµ½Exploit KitÒ³Ãæ¡£Êܺ¦Õßä¯ÀÀÍøҳʱ¼´¼ÓÔØExploit KitµÄÖÖÖÖÎó²îʹÓôúÂ룬×îÖÕÏÂÔØÆäËü¶ñÒâÈí¼þ¡£ RigÊÇ2014Äê·ºÆðµÄÒ»¿îExploit Kit¼´Îó²îʹÓù¤¾ß°ü£¬Ö÷ÒªÒÔJava£¬FlashºÍSilverlightÎó²îΪĿµÄ¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
TCP_NSA_EternalRomance_(ÓÀºãÀËÂþ)_SMBÔ¶³Ì´úÂëÖ´ÐÐÎó²î1[MS17-010] |
ÊÂÎñ¼¶±ð£º |
¸ß¼¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
Çå¾²Îó²î |
ÊÂÎñÐÎò£º |
¼ì²âµ½Ô´IPÖ÷»úÕýÏòÄ¿µÄÖ÷»úÉÏ´«»òÏÂÔØjspľÂí |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
HTTP_ľÂíºóÃÅ_ASP_webshellÒ»¾ä»°Ä¾ÂíÏÂÔØ |
ÊÂÎñ¼¶±ð£º |
¸ß¼¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
ľÂíºóÃÅ |
ÊÂÎñÐÎò£º |
¼ì²âµ½Ô¶³ÌÖ´ÐÐÏÂÁîÖаüÀ¨ÏÂÔØwatchbogÍÚ¿óľÂíÐÐΪ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
HTTP_Nexus_Repository_Manager_3Ô¶³Ì´úÂëÖ´ÐÐÎó²î[CVE-2019-7238] |
ÊÂÎñ¼¶±ð£º |
¸ß¼¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
Çå¾²Îó²î |
ÊÂÎñÐÎò£º |
Nexus Repository ManagerÓÃÓڴMaven˽·þ£¬ÓÃÓÚÖÎÀí±¨¸æºÍÎĵµµÄÏîÄ¿ÖÎÀíÈí¼þ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÐÞ¸ÄÊÂÎñ
ÊÂÎñÃû³Æ£º |
TCP_ºóÃÅ_Gh0st.DHLAR_ÅþÁ¬ |
ÊÂÎñ¼¶±ð£º |
Öм¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
ľÂíºóÃÅ |
ÊÂÎñÐÎò£º |
¼ì²âµ½ºóÃÅÊÔͼÅþÁ¬Ô¶³Ì·þÎñÆ÷¡£Ô´IPËùÔÚµÄÖ÷»ú¿ÉÄܱ»Ö²ÈëÁ˺óÃÅDHLAR¡£ Gh0st.DHLARÊÇʹÓÃÒ»¸öƾ֤Gh0stÔ¶¿ØµÄÔ´ÂëÐ޸ĶøÀ´µÄºóÃÅ£¬ÔËÐкó¿ÉÒÔÍêÈ«¿ØÖƱ»Ö²Èë»úе¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
HTTP_½©Ê¬ÍøÂç_MiraiXMiner_ÅþÁ¬ |
ÊÂÎñ¼¶±ð£º |
Öм¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
ľÂíºóÃÅ |
ÊÂÎñÐÎò£º |
¼ì²âµ½½©Ê¬ÍøÂçMiraiXMinerÊÔͼÅþÁ¬Ô¶³Ì·þÎñÆ÷¡£Ô´IPËùÔÚµÄÖ÷»ú¿ÉÄܱ»Ö²ÈëÁËMiraiXMiner¡£ MiraiXMinerÊÇÒ»¸öÈÔÈ»»îÔ¾×ŵĽ©Ê¬ÍøÂ磬ÈÚºÏÁ˶àÖÖÒÑÖª²¡¶¾¼Ò×壬°üÀ¨Mirai¡¢MyKings¡¢Ô¶¿Ø¡¢ÍÚ¿óµÈ¡£Ê¹ÓÃÓÀºãÖ®À¶Îó²î¡¢±Õ·µçÊÓÎïÁªÍø×°±¸Îó²î¡¢MSSQLÎó²î¡¢RDP±¬ÆƺÍTelnet±¬ÆƵȷ½·¨Èö²¥×ÔÉí¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
TCP_NSA_Windows_SMB_DoublePulsarÖ²ÈëÀÖ³É2 |
ÊÂÎñ¼¶±ð£º |
¸ß¼¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
ľÂíºóÃÅ |
ÊÂÎñÐÎò£º |
¼ì²âµ½Í¨¹ýMS17-010µÄÎó²îÖ²ÈëDoublePulsarºóÃŵÄÐÐΪ¡£ Microsoft WindowsÊÇÃÀ¹ú΢Èí£¨Microsoft£©¹«Ë¾Ðû²¼µÄһϵÁвÙ×÷ϵͳ¡£SMBv1 serverÊÇÆäÖеÄÒ»¸ö·þÎñÆ÷ÐÒé×é¼þ¡£DoublePulsarÊÇÒ»¸öºóÃųÌÐò£¬ÓÃÓÚÔÚÒÑѬȾµÄϵͳÉÏ×¢ÈëºÍÔËÐжñÒâ´úÂë¡£ Microsoft WindowsÖеÄSMBv1·þÎñÆ÷±£´æÔ¶³Ì´úÂëÖ´ÐÐÎó²î¡£Ô¶³Ì¹¥»÷Õ߿ɽèÖúÌØÖƵÄÊý¾Ý°üʹÓøÃÎó²îÖ²ÈëDoublePulsarºóÃÅ¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
HTTP_ľÂíºóÃÅ_webshell_china_chopper_customize¿ØÖÆÏÂÁî |
ÊÂÎñ¼¶±ð£º |
Öм¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
ľÂíºóÃÅ |
ÊÂÎñÐÎò£º |
¸ÃÊÂÎñÅú×¢Ô´IPµØµãÖ÷»úÉϵÄÖйú²Ëµ¶¿Í»§¹æÔòÔÚÏòÄ¿µÄIPµØµãÖ÷»úÉϵÄwebshell·þÎñÆ÷¶Ë·¢³ö¿ØÖÆÏÂÁî¡£ webshellÊÇwebÈëÇֵľ籾¹¥»÷¹¤¾ß¡£¼òÆÓ˵£¬webshell¾ÍÊÇÒ»¸öÓÃasp»òphpµÈ±àдµÄľÂíºóÃÅ£¬¹¥»÷ÕßÔÚÈëÇÖÁËÒ»¸öÍøÕ¾ºó£¬¾³£½«ÕâЩasp»òphpµÈľÂíºóÃÅÎļþ°²ÅÅÔÚÍøÕ¾·þÎñÆ÷µÄwebĿ¼ÖУ¬ÓëÕý³£µÄÍøÒ³Îļþ»ìÔÚÒ»Æð¡£È»ºó¹¥»÷Õ߾ͿÉÒÔÓÃwebµÄ·½·¨£¬Í¨¹ý¸ÃľÂíºóÃÅ¿ØÖÆÍøÕ¾·þÎñÆ÷£¬°üÀ¨ÉÏ´«ÏÂÔØÎļþ¡¢Éó²éÊý¾Ý¿â¡¢Ö´ÐÐí§Òâ³ÌÐòÏÂÁîµÈ¡£webshell¿ÉÒÔ´©Ô½·À»ðǽ£¬ÓÉÓÚÓë±»¿ØÖƵķþÎñÆ÷»òÔ¶³ÌÖ÷»ú½»Á÷µÄÊý¾Ý¶¼ÊÇͨ¹ý80¶Ë¿Úת´ïµÄ£¬Òò´Ë²»»á±»·À»ðǽ×èµ²¡£²¢ÇÒʹÓÃwebshellÒ»Ñùƽ³£²»»áÔÚϵͳÈÕÖ¾ÖÐÁôϼͼ£¬Ö»»áÔÚÍøÕ¾µÄwebÈÕÖ¾ÖÐÁôÏÂһЩÊý¾ÝÌá½»¼Í¼£¬ÖÎÀíÔ±½ÏÄÑ¿´ÊÕÖ§ÇÖºÛ¼£¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
HTTP_ľÂíºóÃÅ_webshell_jsp_Runtime-reflect |
ÊÂÎñ¼¶±ð£º |
Öм¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
ľÂíºóÃÅ |
ÊÂÎñÐÎò£º |
¼ì²âµ½Ô´IPÖ÷»úÕýÏòÄ¿µÄÖ÷»úÉÏ´«»òÏÂÔØjspľÂí |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
HTTP_fastjson_JSON·´ÐòÁл¯_Ô¶³Ì´úÂëÖ´ÐÐÎó²î[CVE-2017-18349] |
ÊÂÎñ¼¶±ð£º |
Öм¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
Çå¾²Îó²î |
ÊÂÎñÐÎò£º |
¼ì²âµ½Ô´IPÖ÷»úÕýÔÚʹÓÃfastjsonJSON·´ÐòÁл¯Ô¶³Ì´úÂëÖ´ÐÐÎó²î¶ÔÄ¿µÄÖ÷»ú¾ÙÐй¥»÷µÄÐÐΪ£¬ÊÔͼͨ¹ý´«ÈëÈ«ÐĽṹµÄ¶ñÒâ´úÂë»òÏÂÁîÀ´ÈëÇÖÄ¿µÄIPÖ÷»ú¡£ fastjsonÔÚ1.2.24ÒÔ¼°Ö®Ç°°æ±¾±£´æÔ¶³Ì´úÂëÖ´ÐиßΣÇå¾²Îó²î¡£¿ª·¢ÕßÔÚʹÓÃfastjsonʱ£¬ÈôÊDZàд²»µ±£¬¿ÉÄܵ¼ÖÂJSON·´ÐòÁл¯Ô¶³Ì´úÂëÖ´ÐÐÎó²î¡£¹¥»÷Õßͨ¹ý·¢ËÍÒ»¸öÈ«ÐĽṹµÄJSONÐòÁл¯¶ñÒâ´úÂ룬µ±³ÌÐòÖ´ÐÐJSON·´ÐòÁл¯µÄÀú³ÌÖÐÖ´ÐжñÒâ´úÂ룬´Ó¶øµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
TCP_Oracle_WebLogic_·´ÐòÁл¯Îó²î[CVE-2015-4852/2018-2628] |
ÊÂÎñ¼¶±ð£º |
Öм¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
ľÂíºóÃÅ |
ÊÂÎñÐÎò£º |
¼ì²âµ½Ô´IPʹÓÃweblogic·´ÐòÁл¯Îó²î¾ÙÐй¥»÷µÄÐÐΪ Oracle Weblogic ServerÊÇÓ¦ÓóÌÐò·þÎñÆ÷¡£ Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, 12.2.1.0°æ±¾ÖУ¬WLS Security×é¼þÔÊÐíÔ¶³Ì¹¥»÷ÕßÖ´ÐÐí§ÒâÏÂÁî¡£¹¥»÷Õßͨ¹ýÏòTCP¶Ë¿Ú7001·¢ËÍT3ÐÒéÁ÷Á¿£¬ÆäÖаüÀ¨ È«ÐĽṹµÄÐòÁл¯Java¹¤¾ßʹÓôËÎó²î¡£´ËÎó²îÓ°Ïìµ½WLS Security HandlerµÄÎļþ oracle_common/modules/com.bea.core.apache.commons.collections.jarÄÚÒ»¸öδ֪µÄº¯Êý¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ÊÂÎñÃû³Æ£º |
HTTP_ľÂíºóÃÅ_ASP_webshellÒ»¾ä»°Ä¾ÂíÉÏ´« |
ÊÂÎñ¼¶±ð£º |
Öм¶ÊÂÎñ |
Çå¾²ÀàÐÍ£º |
ľÂíºóÃÅ |
ÊÂÎñÐÎò£º |
¼ì²âµ½Ô´IPÖ÷»úÕýÏòÄ¿µÄÖ÷»úÉÏ´«ASPÒ»¾ä»°Ä¾ÂíµÄÐÐΪ ¹¥»÷ÕßʵÑéÏò·þÎñÆ÷ÉÏ´«ASPÒ»¾ä»°Ä¾ÂíÎļþ£¬ÈôÊÇÉÏ´«Àֳɽ«Í¨¹ýÒ»¾ä»°Ä¾ÂíÅþÁ¬¹¤¾ß¶Ô·þÎñÆ÷¾ÙÐпØÖÆ¡£ |
¸üÐÂʱ¼ä£º |
20190622 |
ĬÈÏÐж¯£º |
ÑïÆú |
ɾ³ýÊÂÎñ
1. IMAP_find_»º³åÇøÒç³ö¹¥»÷ʵÑé[CVE-2000-0284]
2. IMAP_list_»º³åÇøÒç³ö¹¥»÷ʵÑé1[CVE-2000-0284]
3. TCP_Microsoft_UPnP_NOTIFY_»º³åÇøÒç³ö¹¥»÷[CVE-2001-0876]