Lots of IT security teams are at work right now to patch the Shellshock vulnerability (CVE-2014-6271) ASAP – while keeping an eye on their threat intelligence sources for exploitation in the wild. And the reports are coming in…
One of the first reports via GitHub identified the IP 162.253.66.76 as the source of suspicious activity. We took a quick look in our OSINT archive, using Maltego, to make an initial assessment. Pentester scanning? Malicious? Looks like the latter.
On a Recorded Future timeline, the reporting involving suspicious activity and blocking of this IP address dates back to early September.
Here’s the view a few hours later, when many other authors on the web were linking this IP address to Shellshock.