Upgrade package download: Data.2020.10.12.003731_PKG.zip
This update adds 31 security events:
TROJAN Formbook 0.3 login
TROJAN FormBook CnC check (GET)
TROJAN FormBook CnC check (POST)
MALWARE Winxpperformance.com Related Spyware User-Agent (Microsoft Internet Browser)
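PE EXE or DLL Windows file download HTTP
RDP connection confirm
WEB_SERVER JexBoss common URI structure observed (INBOUND)
Apache Struts memberAccess and opensymphony inbound OGNL injection remote code execution attempt
Apache Struts memberAccess and getWriter inbound OGNL injection remote code execution attempt
Apache Struts getWriter and opensymphony inbound OGNL injection remote code execution attempt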
Apache Struts inbound .getWriter OGNL injection remote code execution attempt
Apache Struts java.lang inbound OGNL injection remote code execution attempt
Apache Struts possible OGNL Java Exec in URI
Apache Struts possible OGNL Java ProcessBuilder URI
Apache Struts possible OGNL Java ProcessBuilder in client body
Apache Struts possible OGNL allowStaticMethodAccess URI
Apache Struts memberAccess inbound OGNL injection remote code execution attempt
Downadup/Conficker worm
OGNL expression injection (CVE-2017-9791)
Unsupported/Fake Internet Explorer Version MSIE 5.
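WEB_SERVER JexBoss user-agent observed (INBOUND)
Dynamic algorithmically generated domain name
Possible Apache Struts OGNL expression injection (Content-Disposition) M1 (CVE-2017-5638)
Possible Apache Struts OGNL expression injection M2 (CVE-2017-5638)
Possible Struts S2-053-CVE-2017-12611 attack attempt M1
TROJAN APT1 WEBC2-UGX user-agent
Electronic cryptocurrency client login
Suspected Win32/Gapz trojan (Windows NT 5)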
Apache Struts RCE CVE-2018-11776 POC M2
Apache Struts ognl inbound OGNL injection remote code execution attempt
Apache Tomcat possible CVE-2017-12617 JSP upload bypass attempt