Real-time threat intelligence sharing platform: https://www.secshi.com/circle/qingbao
A large collection of HVV materials is available free in the Knowledge Planet group at the end of this post; 6,000 people have already joined!
Threat intelligence is for reference only; the publisher is not responsible for consequences of mistakenly blocking IPs or any other actions.
Credibility: medium:
[WPS 0Day] A WPS 0day has appeared. Sign of compromise: after the spreadsheet is clicked, Windows starts "updating". Please stay alert, do not open attachments in phishing emails, and prohibit cross-transfer of data between internal and external networks.
1. Today's new phishing email subjects
Commercial quotation (商业报价)
Shipment arrival notice (发货到达通知)
passsword expiry
2. Vulnerability notices
[Vulnerability notice] Apache DolphinScheduler high-severity vulnerabilities (CVE-2020-11974, CVE-2020-13922)
https://mp.weixin.qq.com/s/TvT22Wdw-SPBCKcl2pm2Pg
3. Security appliance vulnerabilities
[Intel] Vulnerability alert: Sangfor (深信服) EDR (new version), Topsec (天融信) Top-app LB load balancer SQL injection, NSFOCUS (绿盟) UTS administrator arbitrary login vulnerability
According to intelligence received, Sangfor EDR (new), Qizhi (奇治) bastion host, Leagsoft (联软) NAC, Topsec Top-app LB load balancer and NSFOCUS UTS appliances have 0day vulnerabilities. All enterprises and institutions should check their asset inventory for these appliances and strengthen monitoring to avoid being attacked.
Statement on NSFOCUS UTS products affected by the "administrator arbitrary login vulnerability": https://mp.weixin.qq.com/s/4gCLvwkGsxYL8TxV50T8ng
4. IPs observed by cloud monitoring
223.206.4.53 scanning
101.75.90.231 exploitation
77.43.167.178 injection attack
152.136.191.111 scanning
106.75.119.46 scanning
149.3.170.181 malware
178.154.200.130 scanning
144.76.40.222 scanning
58.220.220.165
93.170.170.103
The IPs posted here also come from cloud monitoring and may contain false positives; verify before use.
[HW share] Confirmed malicious IPs:
Very high accuracy:
49.235.165.22 Shanghai, 11 attacks (including BT Panel (宝塔) unauthorized access / vBulletin 5.x command execution)
183.146.208.203 Jinhua, Zhejiang, phpStudy arbitrary command execution
138.99.6.169 Argentina, vBulletin 5.x pre-auth code execution
103.145.13.24 North Holland, Netherlands, scanner attack
103.72.221.81 India, command injection attack
102.44.61.241 Egypt, command injection attack
Honeypot-captured IPs
Scanning captured by honeypot:
For reference only
223.104.190.22 vulnerability scanning
Alibaba Cloud scanning, suspected red team:
47.114.139.141
47.114.74.90
These two Alibaba Cloud addresses are scanning heavily and expose no external services; suspected red-team scanning IPs.
Red team IPs:
IPs attacking honeypots:
183.56.165.217
183.136.225.56
Latest intel:
Attack team
Latest intel:
185.202.1.103
Attacker IP: 172.104.137.8
Attack count: 4
Event type: exploitation
High-accuracy intel:
Attacker IP: 223.244.81.200
Victim IP:
Analyst:
Attack time: 2020-09-11 03:10:51
Attack count: 6
Event type: web-layer system command execution (web层执行系统命令_tz)
Event description: web-layer system command execution (web层执行系统命令_tz)
Handling: blocking recommended
High-accuracy intel:
45.33.42.63 (event: DNS server version request)
Latest suspicious IPs:
Suspected Alibaba attack team:
Recently saw two domains suspected to belong to an Alibaba attack team, xaliyun.com and alifuzz.com, carried in request parameters during vulnerability scanning.
Latest red team IPs:
2020, you know what this is:
42.236.10.125
AWVS scanning IPs: 221.194.21.211, 101.22.50.249, 106.117.59.87, 106.114.201.29, 106.114.157.25, 101.24.129.102, 120.12.125.49, 183.196.44.221
WebLogic deserialization attack IP: 153.12.73.57
QAX (Qi An Xin) scanner/crawler address whitelist, IP ranges:
WebLogic deserialization attack, Shanghai, IP 112.64.64.44, ThreatBook (微步) tag: malicious.
122.114.167.57
Found in Heilongjiang: 107.178.79.86 221.194.44.235
113.109.60.15
Dalian bureau botnet/trojan/worm monitoring found malicious IP: 122.114.167.57
Latest threat IPs:
The Planet group is free; trolls riding the hype, please behave!
During HW, everyone is welcome to exchange experience and raise questions! I will also discuss with everyone.
1,933 cybersecurity documents; when applying to join, introduce yourself and your purpose, otherwise the request is treated as advertising and rejected.
Preview of some HW materials:
HW行动专项应急演练方案.pdf
企业做好这些,不怕HW.txt
HW总结模板.txt
2019年HW行动必备防御手册(V1).pdf
HW2019工作方案介绍及配套工作文档.zip
Secret ···················
This article is shared from the WeChat official account WhITECat Security Team (WhITECat_007).
In case of infringement, please contact [email protected] for removal.
This article participates in the "OSC Source Creation Plan"; readers are welcome to join and share as well.