2020-11-24
Ðû²¼Ê±¼ä 2020-11-24ÐÂÔöÊÂÎñ
ÊÂÎñÃû³Æ£º | HTTP_ľÂíºóÃÅ_Linux.Ngioweb_ÅþÁ¬ |
Çå¾²ÀàÐÍ£º | ľÂíºóÃÅ |
ÊÂÎñÐÎò£º | ¼ì²âµ½NgiowebÊÔͼÅþÁ¬Ô¶³Ì·þÎñÆ÷£¬ÇëÇóµÚ¶þ½×¶ÎµÄC&C¡£Ô´IPËùÔÚµÄÖ÷»ú¿ÉÄܱ»Ö²ÈëÁËNgioweb¡£NgiowebÊÇÒ»¸öLinuxϵͳϵÄProxy Botnet£¬Ö÷Òª¹¦Ð§ÊÇÔÚÊܺ¦Õß»úеÉÏÌṩ·´ÏòÅþÁ¬¡£¹²Ö§³Ö4¸öÏÂÁWAIT¡¢CONNECT¡¢DISCONNECT¡¢CERT¡£ÏÖÔÚÒѾÊӲ쵽Óдó×Ú°²ÅÅWordPressµÄWeb·þÎñÆ÷±»Ö²ÈëLinux.Ngioweb¡£ÔÚÊܺ¦Õß»úеÉÏÌṩ·´ÏòÅþÁ¬¡£ |
¸üÐÂʱ¼ä£º | 20201124 |
ÊÂÎñÃû³Æ£º | HTTP_Hadoop_YARN_ResourceManagerδÊÚȨ»á¼ûÎó²î |
Çå¾²ÀàÐÍ£º | Çå¾²Îó²î |
ÊÂÎñÐÎò£º | ¼ì²âµ½Ô´IPÖ÷»úÕýÔÚʹÓÃhadoop YARN ResourceManager±£´æµÄδÊÚȨ»á¼ûÎó²î¾ÙÐй¥»÷µÄÐÐΪ |
¸üÐÂʱ¼ä£º | 20201124 |
ÊÂÎñÃû³Æ£º | HTTP_ľÂíºóÃÅ_XDDown(XDSpy)_ÅþÁ¬ |
Çå¾²ÀàÐÍ£º | ľÂíºóÃÅ |
ÊÂÎñÐÎò£º | ¼ì²âµ½×é¼þXDDownÊÔͼÅþÁ¬·þÎñÆ÷£¬Ô´IPËùÔÚµÄÖ÷»ú¿ÉÄܱ»Ö²ÈëÁËXDSpy×é֯ʹÓõĺóÃÅ,Ö÷Òª¹¥»÷¶«Å·ºÍÈû¶ûάÑǵÄÕþ¸®×éÖ¯²¢´ÓÖÐÇÔÈ¡Ãô¸ÐÎļþ¡£XDSpy APT ×éÖ¯´Ó2011Äê×îÏÈ»îÔ¾£¬µ«Ö±µ½¿ËÈղű»·¢Ã÷£¬XDSpy APT×éÖ¯µÄ¹¥»÷Ä¿µÄÖ÷ҪλÓÚ¶«Å·ºÍÈû¶ûάÑÇ£¬Êܺ¦ÕßÖ÷ÒªÊǾüÊ¡¢Íâ½»Ïà¹ØµÄÕþ¸®»ú¹¹ÒÔ¼°ÉÙÁ¿µÄ˽ӪÆóÒµ¡£ |
¸üÐÂʱ¼ä£º | 20201124 |
ÊÂÎñÃû³Æ£º | HTTP_ľÂíºóÃÅ_D_Regsvr32(KimsukyAPT)_ľÂíÅþÁ¬ |
Çå¾²ÀàÐÍ£º | ľÂíºóÃÅ |
ÊÂÎñÐÎò£º | Kimsuky ×éÖ¯ÊÇ×ܲ¿Î»ÓÚ³¯Ï浀 APT ×éÖ¯£¬ÓÖ³Æ ¡°Black Banshee¡±¡¢¡°BabyShark¡± µÈ£¬ÖÁÉÙ´Ó 2013 Äê×îÏÈ»îÔ¾£¬¸Ã×éÖ¯ºã¾ÃÕë¶Ôº«¹úÕþ¸®¡¢ÐÂÎŵȻú¹¹¾ÙÐй¥»÷Ô˶¯£¬¾³£Ê¹ÓôøÓÐÎó²îµÄ hwp Îļþ¡¢¶ñÒâºêÎļþÒÔ¼°ÊÍ·ÅÔØºÉµÄ PE ÎļþµÈ¶ñÒâÔغɡ£ |
¸üÐÂʱ¼ä£º | 20201124 |
ÊÂÎñÃû³Æ£º | HTTP_apache_solr_xxeÎó²î£¨¹¥»÷Àֳɣ©[CVE-2018-1308][CNNVD-201804-415] |
Çå¾²ÀàÐÍ£º | ×¢Èë¹¥»÷ |
ÊÂÎñÐÎò£º | ¼ì²âµ½Ô´IPʹÓÃApache solrÕýÔÚʹÓÃxxeÎó²î¾ÙÐÐÎļþ¶ÁÈ¡²Ù×÷£¬Apache SolrÊÇÒ»¸ö¿ªÔ´µÄËÑË÷·þÎñ£¬Ê¹ÓÃJavaÓïÑÔ¿ª·¢£¬Ö÷Òª»ùÓÚHTTPºÍApache LuceneʵÏֵġ£ |
¸üÐÂʱ¼ä£º | 20201124 |
ÊÂÎñÃû³Æ£º | HTTP_Çå¾²Îó²î_Discuz!XϵÁÐת»»¹¤¾ßí§Òâ´úÂëдÈëÎó²î |
Çå¾²ÀàÐÍ£º | Çå¾²Îó²î |
ÊÂÎñÐÎò£º | Discuz!XϵÁÐת»»¹¤¾ßí§Òâ´úÂëдÈëÎó²îÊǹ¥»÷Õ߶Ô×¢ÊͲ¿·ÖʹÓû»Ðзûµ¼ÖÂ×¢Èë¶ñÒâPHP´úÂ룬¹¥»÷Àֳɺó¿ÉÒÔ»ñµÃÄ¿µÄÖ÷»úµÄ Webshell £¬½øÒ»²½»ñµÃÍøÕ¾µÄ¿ØÖÆȨ¡£ |
¸üÐÂʱ¼ä£º | 20201124 |
ÐÞ¸ÄÊÂÎñ
ÊÂÎñÃû³Æ£º | HTTP_WebLogic_í§ÒâÎļþÉÏ´«Îó²î[CVE-2019-2618] |
Çå¾²ÀàÐÍ£º | Çå¾²Îó²î |
ÊÂÎñÐÎò£º | ¼ì²âµ½Ô´IPÖ÷»úÕýÔÚʹÓÃí§ÒâÎļþÉÏ´«Îó²î¹¥»÷Ä¿µÄIPÖ÷»úµÄÐÐΪ£¬CVE-2019-2618Îó²îÖ÷ÒªÊÇʹÓÃÁËWebLogic×é¼þÖеÄDeploymentService½Ó¿Ú£¬¸Ã½Ó¿ÚÖ§³ÖÏò·þÎñÆ÷ÉÏ´«í§ÒâÎļþ¡£¹¥»÷ÕßÍ»ÆÆÁËOAM£¨Oracle Access Management£©ÈÏÖ¤£¬ÉèÖÃwl_request_type²ÎÊýΪapp_upload£¬½á¹¹ÎļþÉÏ´«ÃûÌõÄPOSTÇëÇó°ü£¬ÉÏ´«"font-family:ËÎÌå">ľÂíÎļþ£¬½ø¶ø¿ÉÒÔ»ñµÃÕû¸ö·þÎñÆ÷µÄȨÏÞ¡£ |
¸üÐÂʱ¼ä£º | 20201124 |
ÊÂÎñÃû³Æ£º | HTTP_Weblogic_í§ÒâÎļþ¶ÁÈ¡Îó²î[CVE-2019-2615] |
Çå¾²ÀàÐÍ£º | Çå¾²Îó²î |
ÊÂÎñÐÎò£º | ¼ì²âµ½Ô´IPÖ÷»úÕýÔÚʹÓÃWeblogicí§ÒâÎļþ¶ÁÈ¡Îó²î¶ÔÄ¿µÄÖ÷»ú¾ÙÐй¥»÷µÄÐÐΪ¡£Weblogic_í§ÒâÎļþ¶ÁÈ¡Îó²î½Ó¿ÚÊÇÎļþÏÂÔØÏà¹Ø¹¦Ð§Ê¹ÓõĽӿڣ¬Ò²ÊÇweblogic serverÖÐÄÚ²¿Ê¹ÓõÄÕý³£¹¦Ð§£¬ÒÔÊǸÃÎó²îÐèÒªweblogicµÄÓû§ÃûÃÜÂ룬µÇ¼ºó¿ÉÇÔÈ¡Ãô¸ÐÐÅÏ¢£¬»ñÈ¡ÖÎÀíԱȨÏÞ¡£ |
¸üÐÂʱ¼ä£º | 20201124 |
ÊÂÎñÃû³Æ£º | TCP_JavaRMI·´ÐòÁл¯_Ô¶³ÌÏÂÁîÖ´ÐÐÎó²î[CVE-2017-3241] |
Çå¾²ÀàÐÍ£º | Çå¾²Îó²î |
ÊÂÎñÐÎò£º | ¼ì²âµ½Ô´IPʹÓÃTCP_JavaRMI·´ÐòÁл¯Ô¶³ÌÏÂÁîÖ´ÐÐÎó²î¾ÙÐй¥»÷µÄÐÐΪ£¬JavaRMI·´ÐòÁл¯Ô¶³ÌÏÂÁîÖ´ÐÐÎó²î¾ÙÐй¥»÷µÄÐÐΪÔÊÐíÔ¶³Ì¹¥»÷ÕßÖ´ÐÐí§ÒâÏÂÁî¡£ |
¸üÐÂʱ¼ä£º | 20201124 |
ÊÂÎñÃû³Æ£º | HTTP_fastjson_JSON·´ÐòÁл¯_Ô¶³Ì´úÂëÖ´ÐÐÎó²î[CVE-2017-18349] |
Çå¾²ÀàÐÍ£º | Çå¾²Îó²î |
ÊÂÎñÐÎò£º | FastjsonÊÇÒ»¸öJava¿â£¬¿ÉÒÔ½«Java¹¤¾ßת»»ÎªJSONÃûÌã¬fastjsonÔÚ1.2.24ÒÔ¼°Ö®Ç°°æ±¾±£´æÔ¶³Ì´úÂëÖ´ÐиßΣÇå¾²Îó²î¡£¹¥»÷Õßͨ¹ý·¢ËÍÒ»¸öÈ«ÐĽṹµÄJSONÐòÁл¯¶ñÒâ´úÂ룬µ±³ÌÐòÖ´ÐÐJSON·´ÐòÁл¯µÄÀú³ÌÖÐÖ´ÐжñÒâ´úÂ룬´Ó¶øµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£ |
¸üÐÂʱ¼ä£º | 20201124 |
ÊÂÎñÃû³Æ£º | DNS_ľÂí_NetReaper_ÅþÁ¬ |
Çå¾²ÀàÐÍ£º | ľÂíºóÃÅ |
ÊÂÎñÐÎò£º | ¼ì²âµ½Ê§ÏÝÖ÷»úÉϵÄľÂíÊÔͼÅþÁ¬Ô¶³Ì·þÎñÆ÷£¨C&C£©¡£Ô´IPËùÔÚµÄÖ÷»ú¿ÉÄܱ»Ö²ÈëÁËNetReaperľÂí¡£ |
¸üÐÂʱ¼ä£º | 20201124 |