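Bird's Honeypot Watching - 2019/01/05 ~ 2019/01/11 -
This is my regular write-up, kept as a honeypot observation diary.
I'm currently at a development camp and looking forward to the delicious food.
Observation period: 2019/01/04 00:00:00 - 2019/01/11 23:59:59
CVE
CVE | Detections | Change from previous period |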
---|---|---|
CVE-2005-4050 | 20 | +20 |
CVE-2014-0160 | 18 | +6 |
CVE-2017-7269 | 14 | +6 |
CVE-2017-5638 | 6 | +6 |
CVE-2014-6271 | 3 | +3 |
CVE-1999-0183 | 2 | -11 |
CVE-2003-0818 | 2 | -1 |
CVE-2008-4250 | 2 | +2 |
CVE-2013-2251 | 2 | +2 |
CVE-2006-0819 | 0 | -55 |
A roundup of the CVE articles I covered previously is here.
CVE-2014-6271
The CVSS score is 10.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVE-2013-2251
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
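The two descriptions above translate directly into request-level checks. The following is an added example, not the honeypot's own detection logic: it tags parsed HTTP requests with CVE-2014-6271 when a header value begins with a Bash function definition, and with CVE-2013-2251 when a parameter name carries one of the three listed prefixes. The request dict layout, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Bash only imports an environment variable as a function when the value
# begins with "() {", so the pattern is anchored at the start of the value.
SHELLSHOCK_RE = re.compile(r"\s*\(\s*\)\s*\{")
# Parameter-name prefixes listed in the CVE-2013-2251 description.
STRUTS_PREFIXES = ("action:", "redirect:", "redirectAction:")

def classify(request):
    """Return sorted CVE tags for one request (dict layout is an assumption)."""
    tags = set()
    # mod_cgi copies header values into environment variables, so check them all.
    for value in request.get("headers", {}).values():
        if SHELLSHOCK_RE.match(value):
            tags.add("CVE-2014-6271")
    # Collect parameter names from the query string and a form-encoded body.
    pairs = parse_qsl(urlsplit(request["url"]).query, keep_blank_values=True)
    pairs += parse_qsl(request.get("body", ""), keep_blank_values=True)
    if any(name.startswith(STRUTS_PREFIXES) for name, _ in pairs):
        tags.add("CVE-2013-2251")
    return sorted(tags)

def count_by_cve(requests):
    """Tally tags across requests, like the detection-count table."""
    return Counter(tag for req in requests for tag in classify(req))

# Constructed sample requests (not taken from the honeypot's logs).
SAMPLE_REQUESTS = [
    {"url": "/cgi-bin/status",
     "headers": {"User-Agent": "() { :; }; echo constructed-probe"}},
    {"url": "/index.action?redirect:%25%7Bconstructed%7D",
     "headers": {"User-Agent": "curl/7.58.0"}},
    {"url": "/login.action", "headers": {},
     "body": "redirectAction:constructed=1"},
    {"url": "/search?action=list&q=a%28%29",
     "headers": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)"}},
]

if __name__ == "__main__":
    for tag, n in sorted(count_by_cve(SAMPLE_REQUESTS).items()):
        print(tag, n)
```

The last sample request shows the negative case: an ordinary `action=list` parameter and a parenthesised User-Agent produce no tag, because the checks require the `action:` prefix in the parameter name and `() {` at the very start of the header value.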
Attack types
Attack type | Count | % |
---|---|---|
known attacker | 40978 | 90.53% |
bad reputation | 4109 | 9.08% |
Other | - | - |
Malware
Total: 21
File name | Retrieved at | Type | Detection rate |
---|---|---|---|
tmpumycEr | 2019/01/05 03:18:46 | ELF 32-bit LSB executable | 41/58 |
tmpjQQ4oI | 2019/01/05 14:22:31 | ELF 32-bit LSB executable | 41/58 |
tmpVxYPjv | 2019/01/05 22:16:19 | ELF 32-bit LSB executable | 41/58 |
tmpfmRjdQ | 2019/01/06 04:17:27 | ELF 32-bit LSB executable | 40/60 |
tmpEjQHeF | 2019/01/07 07:01:45 | ELF 32-bit LSB executable | 40/59 |
b01ae8eba... | 2019/01/07 10:07:59 | ASCII text | 0/59 |
b33b30c3c... | 2019/01/07 12:33:58 | Bourne-Again shell script executable (binary data) | 29/58 |
tmpcdxpwO | 2019/01/07 19:39:08 | ELF 32-bit LSB executable | 40/59 |
tmp7Uex5O | 2019/01/08 03:31:18 | ELF 32-bit LSB executable | 39/57 |
tmpzSYqlR | 2019/01/08 19:44:15 | ELF 32-bit LSB executable | 39/57 |
tmpwrpMLn | 2019/01/09 03:31:14 | ELF 32-bit LSB executable | 38/59 |
tmp8oKBPU | 2019/01/09 20:12:04 | ELF 32-bit LSB executable | 38/59 |
tmpu_wIAB | 2019/01/10 05:02:06 | ELF 32-bit LSB executable | 38/59 |
0293300dd... | 2019/01/10 05:59:28 | ASCII text | 0/59 |
20ceeed36... | 2019/01/10 05:59:28 | ASCII text | 0/59 |
d660d1120... | 2019/01/10 05:59:28 | ASCII text | 0/58 |
8779e030c... | 2019/01/10 05:59:28 | ASCII text | 0/57 |
512893f96... | 2019/01/10 05:59:28 | ASCII text | 0/59 |
5ab400ec0... | 2019/01/10 05:59:28 | ASCII text | 0/57 |
f6426a2b8... | 2019/01/10 05:59:28 | ASCII text | 0/58 |
d1858ce41... | 2019/01/10 05:59:28 | ASCII text | 0/59 |
Thoughts
I detected new CVEs.
It's fun because I learn something whenever one shows up now and then.