Continued Exploitation of CVE-2021-26084
Common Information
Type Value
UUID 272726f6-2a0b-40c3-84eb-fee4b500d312
Fingerprint a084aa15a5573fa9
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 12, 2021, midnight
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Detected Hints/Tags/Attributes 52/2/55
Attributes
Details Type #Events CTI Value
Details CVE 80
cve-2021-26084