Attackers exploit CVE-2021-26084 for XMRig crypto mining on affected Confluence servers | Imperva
Common Information
Type Value
UUID 7910f5c1-6ee2-4a57-b93b-22a00245c8ff
Fingerprint b521b8172eb39f89
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 13, 2021, 2:57 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Attackers exploit CVE-2021-26084 for XMRig crypto mining on affected Confluence servers
Title Attackers exploit CVE-2021-26084 for XMRig crypto mining on affected Confluence servers | Imperva
Detected Hints/Tags/Attributes 56/2/37
Attributes
Type #Events CTI Value
CVE 80 cve-2021-26084
CVE 68 cve-2020-14882
CVE 27 cve-2020-14883
CVE 17 cve-2015-1427