Topic: Networm activity detected...Telnet worms and scanners & other abuse

polonus
What has been flagged by GreyNoise?
Quote
Name                      Category   Intention   Confidence   First Seen   Last Updated
HNAP_WORM_CVE_2016_6563   worm       malicious   high         2019-03-14   2019-03-19
MIRAI                     worm       malicious   high         2019-03-12   2019-03-24
TELNET_WORM_HIGH          worm       malicious   high         2019-01-31   2019-01-31
MIRAI                     worm       malicious   high         2019-01-31   2019-02-01
TELNET_SCANNER_LOW        activity   Null        low          2019-01-31   2019-01-31
Where? Re: 83.110.79.16   Emirates Telecommunications Corporation   AS5384   -bba448580.alshamil.net.ae   Linux 2.2.x-3.x (Embedded)      2019-03-14   2019-03-19

See services and vulnerabilities: https://www.shodan.io/host/83.110.79.16
See: https://toolbar.netcraft.com/site_report?url=bba448580.alshamil.net.ae

bind DnsMasq and the seven flaws: https://www.cvedetails.com/vulnerability-list.php?vendor_id=8351&product_id=14557&version_id=235852&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=1&sha=1335c7d3d2b6cb8cd6e530fc86d0a42bb6cc2db2 & https://www.exploit-db.com/exploits/42942

Has been reported four times: https://www.abuseipdb.com/check/83.110.79.16

Most recent report was 3 days ago.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!