HVV Latest Intelligence

admin, 2020-09-11 18:17:05, 1,084 views

Real-time intelligence sharing platform: https://www.secshi.com/circle/qingbao

A large collection of free HVV materials is available in the Knowledge Planet (知识星球) group linked at the end of this article; 6,000 members have already joined!

Threat intelligence is for reference only; the publisher bears no responsibility for the consequences of mistakenly blocking an IP or of any other action taken on it.


Confidence: medium

[WPS 0-day] A WPS 0-day is in the wild. Symptom of compromise: after a spreadsheet is opened, Windows appears to start "updating". Raise security awareness, do not open attachments from phishing emails, and do not transfer data across the intranet/extranet boundary.

1. Newly observed phishing email subjects today

Business quotation

Shipment arrival notice

passsword expiry

2. Vulnerability advisories

[Vulnerability advisory] Apache DolphinScheduler high-severity vulnerabilities (CVE-2020-11974, CVE-2020-13922)

https://mp.weixin.qq.com/s/TvT22Wdw-SPBCKcl2pm2Pg

Security appliance vulnerabilities

[Intelligence] Vulnerability alert: Sangfor (深信服) EDR (new version), Topsec (天融信) Top-app LB load balancer SQL injection, NSFOCUS (绿盟) UTS arbitrary administrator login vulnerability

According to intelligence reports, Sangfor EDR (new version), Qizhi (奇治) bastion hosts, Leagsoft (联软) network access control, Topsec Top-app LB load balancers and NSFOCUS UTS devices are affected by 0-day vulnerabilities. All organizations should check their asset inventory for these devices and strengthen monitoring of them to avoid being attacked.


NSFOCUS statement on the UTS product being affected by the "arbitrary administrator login vulnerability": https://mp.weixin.qq.com/s/4gCLvwkGsxYL8TxV50T8ng


3. IPs observed by cloud monitoring

223.206.4.53 scanning

101.75.90.231 exploitation

77.43.167.178 injection attack

152.136.191.111 scanning

106.75.119.46 scanning

149.3.170.181 malware

178.154.200.130 scanning

144.76.40.222 scanning

58.220.220.165

93.170.170.103

The IPs above also come from cloud monitoring and may contain false positives; verify them before acting.

[HW shared] Confirmed malicious IPs:

49.232.115.16

49.232.115.242

49.232.72.64

49.233.58.23

Very high accuracy:

49.235.165.22 Shanghai, 11 attacks (including BT Panel (宝塔) unauthorized access / vBulletin 5.x command execution)

183.146.208.203 Jinhua, Zhejiang, phpStudy arbitrary command execution

138.99.6.169 Argentina, vBulletin 5.x unauthenticated (front-end) code execution

103.145.13.24 Netherlands, North Holland, scanner attack

103.72.221.81 India, command injection attack

102.44.61.241 Egypt, command injection attack

IPs captured by honeypots

Scans captured by honeypots:

54.36.148.145

54.36.148.242

54.36.148.43

54.36.148.88

54.36.148.226

54.36.149.23

61.232.7.50

54.36.148.123

54.36.148.139

54.36.148.182

54.36.148.201

54.36.149.91

54.36.148.92

54.36.149.105

54.36.148.18

54.36.149.33

54.36.148.89

54.36.149.13

54.36.149.107

54.36.148.144

54.36.148.125

54.36.148.221

54.36.148.232

74.120.14.34

54.36.148.235

54.36.148.211

54.36.148.210

54.36.148.75

54.36.148.49

54.36.148.48

54.36.148.109

54.36.148.100

54.36.148.251

54.36.148.79

27.7.100.34

196.52.43.131

54.36.149.72

54.36.148.1

54.36.149.47

54.36.148.177

54.36.148.237

54.36.148.213

54.36.148.91

54.36.149.37

54.36.148.78

115.99.208.103

54.36.149.8

54.36.148.120

54.36.149.51

54.36.148.128

54.36.149.34

54.36.148.205

192.35.168.199

104.152.52.55

54.36.148.77

54.36.148.14

54.36.148.172

54.36.148.117

54.36.149.99

169.239.45.141

54.36.148.150

54.36.149.74

54.36.148.107

54.36.148.163

54.36.148.138

54.36.148.53

54.36.148.99

54.36.148.56

102.223.83.24

54.36.149.92

54.36.149.61

For reference only

223.104.190.22 vulnerability scanning

Alibaba Cloud scanning, suspected red team:

47.114.139.141

47.114.74.90

These two Alibaba Cloud addresses are scanning heavily and expose no services of their own; they are suspected red-team scanning IPs.

Red team IPs:

182.99.153.12

115.28.143.82

182.135.226.133

203.80.57.7

183.199.240.4

39.105.0.188

117.69.137.140

180.126.244.114

139.198.18.159

182.192.180.21

33.27.242.22

131.32.122.11

22.213.32.251

129.78.110.128

139.19.117.1

192.241.220.154

171.67.70.128

74.120.14.64

162.142.125.64

167.248.133.64

133.34.149.5

192.35.169.96

62.234.98.147

192.241.235.11

192.241.225.132

111.6.79.50

103.48.23.34

183.192.179.16

139.129.249.239

118.24.121.69

192.35.168.144

45.148.10.28

93.150.109.127

184.105.139.70

185.39.11.105

94.102.49.193

46.173.172.103

80.42.232.223

108.211.154.53

61.49.49.22

156.96.44.176

45.67.228.180

75.141.185.50

161.35.230.16

164.90.200.100

167.248.133.49

45.148.10.28

83.97.20.35

83.97.20.25

59.151.43.20

196.52.43.105

139.129.249.239

118.24.121.69

192.35.168.144

192.35.168.199

93.150.109.127

IPs hitting honeypots:

183.56.165.217

183.136.225.56

Latest intelligence:

83.97.20.35

83.97.20.25

59.151.43.20

196.52.43.105

139.129.249.239

118.24.121.69

192.35.168.144

192.35.168.199

93.150.109.127

Attack team

Latest intelligence:

185.202.1.103

Attacker IP: 172.104.137.8

Attack count: 4

Event type: exploitation

High-accuracy intelligence:

Attacker IP: 223.244.81.200

Target IP:

Analyst:

Attack time: 2020-09-11 03:10:51

Attack count: 6

Event type: OS command execution at the web layer (web层执行系统命令_tz)

Event description: OS command execution at the web layer (web层执行系统命令_tz)

Handling: blocking recommended

High-accuracy intelligence:

45.33.42.63 (event: DNS server version query)

185.100.87.250

167.248.133.49

193.93.62.16

68.9.229.235

64.227.88.222

42.236.10.117

Latest suspicious IPs:

102.43.138.248

102.43.255.77

81.68.92.182

102.42.89.99

77.43.153.181

199.195.249.184

102.41.41.155

197.40.171.33

193.112.192.63

Suspected Alibaba attack team:

Recently observed two domains suspected to belong to an Alibaba attack team, xaliyun.com and alifuzz.com, carried in request parameters during vulnerability scans.

Latest red team IPs:

2020, you know what this is about:

42.236.10.125

AWVS scanning IPs: 221.194.21.211, 101.22.50.249, 106.117.59.87, 106.114.201.29, 106.114.157.25, 101.24.129.102, 120.12.125.49, 183.196.44.221

WebLogic deserialization attack IP: 153.12.73.57

183.248.199.216

101.227.139.172

183.192.164.85

106.123.43.161

110.152.33.98

222.82.132.134

49.118.199.179

124.117.95.243

49.118.154.247

61.151.207.205

101.91.60.104

218.202.157.34

60.13.139.206

124.118.180.74

124.117.159.4

101.91.60.104

QAX (QiAnXin) scanner/crawler address whitelist, IP ranges:

[210.52.224.16/28]

[101.227.1.196/30]

[112.64.64.32/27]

[123.160.221.65/27]

[111.7.106.96/27]

WebLogic deserialization attack, Shanghai IP 112.64.64.44, ThreatBook (微步) tag: malicious.

122.114.167.57

Observed in Heilongjiang: 107.178.79.86, 221.194.44.235

113.109.60.15

122.114.167.57

Malicious IP detected by the Dalian bureau's botnet/trojan/worm monitoring: 122.114.167.57

Latest threat IPs:

106.75.211.108

111.202.167.0

54.39.246.186

10.210.0.57

47.107.236.124

176.121.14.175

121.36.149.225

172.93.107.2

114.118.4.200

122.51.131.86

47.101.35.67

141.98.80.152

185.70.187.156

102.43.138.248

102.43.255.77

81.68.92.182

102.42.89.99

77.43.153.181

199.195.249.184

102.41.41.155

197.40.171.33

193.112.192.63

204.79.197.200

13.107.246.10

217.175.192.12

202.69.23.152

23.64.8.179

202.69.23.152

122.224.45.229

52.208.183.68

101.199.113.116

95.107.48.115

54.39.98.124

34.194.108.77

47.99.196.234

103.94.181.81

103.94.181.81

http://122.114.222.249:8083

106.121.162.54

106.121.2.126

124.65.8.55

106.121.3.38

106.121.66.147

106.121.138.213

39.105.128.71

49.235.140.124

39.106.201.217

202.96.99.82

202.96.99.83

124.64.19.147

175.151.176.119

211.95.50.8

47.106.32.104

101.37.79.116

121.196.43.183

60.221.153.225

39.99.219.22

220.195.64.37

110.184.50.141

31.148.48.233

219.143.176.231

223.104.217.78

123.139.85.247

60.221.153.225

139.214.246.94

223.104.15.125

162.142.125.35

213.180.203.177

183.228.8.58

103.241.95.233

220.195.69.48

114.242.248.112

221.192.180.253

117.136.3.14

223.104.178.173

103.78.26.195

207.46.13.246

17.58.99.207

27.26.178.118

223.104.7.130

110.249.201.226

117.136.38.151

106.37.196.50

61.158.208.98

60.8.123.119

39.106.201.217

114.115.201.32

139.210.37.190

114.115.201.32

221.9.28.123

110.177.178.242

122.96.29.189

36.248.88.251

60.13.136.61

36.24.85.83

203.208.60.27

111.18.92.247

115.238.44.237

36.24.85.83

152.136.188.179

111.18.92.247

203.208.60.96

49.7.4.93

223.104.170.71

152.136.188.179

85.114.138.106

159.192.133.212

171.104.129.84

185.216.140.250

103.145.13.138

203.194.99.77

192.99.45.31

39.101.65.35

51.36.138.30

106.121.166.114

185.40.4.108

47.92.55.104

39.98.150.44

220.243.136.249

139.224.83.46

110.74.212.37

51.36.138.30

106.121.166.114

117.136.56.249

5.45.207.141

117.136.58.3

223.104.215.182

81.68.205.251

The Knowledge Planet group is free; trolls who only want to ride the hype, please show some restraint!

During HW everyone is welcome to share experience and raise questions; I will join the discussion as well.

1,933 network security documents. When applying to join, introduce yourself and your purpose; otherwise the request is treated as advertising and rejected.

Preview of some of the HW materials:

HW行动专项应急演练方案.pdf

企业做好这些,不怕HW.txt

HW总结模板.txt

2019年HW行动必备防御手册(V1).pdf

HW2019工作方案介绍及配套工作文档.zip

Posted by admin on 2020-09-11 18:17:05. When reposting, please keep the link to this article (CN-SEC Chinese site): http://cn-sec.com/archives/129372.html