otx.alienvault.com
13.227.222.81
Public Scan
URL:
https://otx.alienvault.com/pulse/6139c2eff3981531042a860b?utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=otx&utm_c...
Submission: On September 09 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
MUHSTIK TAKES AIM AT CONFLUENCE CVE 2021-26084

Created 23 minutes ago by AlienVault
Public
TLP: White
Subscribers (157077)

In line with USCYBERCOM’s warning, publicly available Confluence exploit scripts are being integrated into opportunistic attackers’ toolkits. Muhstik, a known threat actor targeting cloud and IoT, is one of these opportunistic attackers targeting vulnerable Confluence servers to spread their botnet. Lacework Labs observed bash droppers with zero detections on VirusTotal being used in conjunction with CVE 2021-26084.

Reference: https://www.lacework.com/blog/muhstik-takes-aim-at-confluence-cve-2021-26084/
Tags: muhstik, Confluence, CVE 2021-26084, IoT, botnet
Adversary: Muhstik
Att&ck IDs: T1027 - Obfuscated Files or Information, T1110 - Brute Force, T1190 - Exploit Public-Facing Application, T1027.002 - Software Packing, T1053.003 - Cron, T1098.004 - SSH Authorized Keys, T1021.004 - SSH, T1059.004 - Unix Shell

Indicators of Compromise (100)
Related Pulses (30)
Comments (0)
History (0)

TYPES OF INDICATORS
CVE (1), Other (13), FileHash-MD5 (3), FileHash-SHA256 (17), FileHash-SHA1 (3), IPv4 (15)

THREAT INFRASTRUCTURE
India (1), Other (4), Latvia (1), United States (5), Bulgaria (1), Germany (2)