Analysis of Three CVE-2019-3396 POCs | Lacework
Tags
Common Information
| Type | Value |
|---|---|
| UUID | f22abb69-73d2-4f47-88a2-51ce568b3964 |
| Fingerprint | 1001187078ad08a3 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 24, 2019, midnight |
| Added to db | Aug. 31, 2024, 10:06 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Analysis of Three CVE-2019-3396 POCs | Lacework |
| Title | Analysis of Three CVE-2019-3396 POCs | Lacework |
| Detected Hints/Tags/Attributes | 49/1/241 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.lacework.com/blog/cve-2019-3396-poc-deep-dive |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 326 | ✔ | Lacework Blog | https://www.lacework.com/lacework_blog.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 38 | cve-2019-3396 |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 768 | www.youtube.com |
|
| Details | Domain | 291 | raw.githubusercontent.com |
|
| Details | Domain | 138 | java.io |
|
| Details | Domain | 1 | scan.next |
|
| Details | Domain | 1 | www.jukesxdbrxd.xyz |
|
| Details | Domain | 1 | jukesbrxd.xyz |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | post.open |
|
| Details | Domain | 74 | adodb.stream |
|
| Details | Domain | 1 | aget.open |
|
| Details | Domain | 12 | shell.run |
|
| Details | File | 1 | 20190404_web_confluence_path_traversal.py |
|
| Details | File | 40 | web.xml |
|
| Details | File | 15 | urllib.url |
|
| Details | File | 123 | os.sys |
|
| Details | File | 2 | start.jpg |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 226 | certutil.exe |
|
| Details | File | 1 | isassx.exe |
|
| Details | File | 1 | yss.exe |
|
| Details | File | 2 | ww.exe |
|
| Details | File | 1 | xsd.exe |
|
| Details | File | 1 | c:\windows\temp\1512421.exe |
|
| Details | File | 1 | c:\windows\temp\heshe.exe |
|
| Details | File | 1 | app.vbs |
|
| Details | File | 41 | msxml2.xml |
|
| Details | File | 10 | 12.exe |
|
| Details | File | 1 | apps.vbs |
|
| Details | File | 7 | 13.exe |
|
| Details | Github username | 1 | yt1g3r |
|
| Details | Github username | 1 | mcksysargentina |
|
| Details | Github username | 2 | jas502n |
|
| Details | Github username | 1 | x-f1v3 |
|
| Details | Github username | 1 | pyn3rd |
|
| Details | Github username | 4 | knownsec |
|
| Details | Github username | 1 | shadowsock5 |
|
| Details | IPv4 | 2 | 51.38.133.232 |
|
| Details | IPv4 | 2 | 51.15.56.161 |
|
| Details | IPv4 | 3 | 37.44.212.223 |
|
| Details | IPv4 | 1 | 68.183.164.16 |
|
| Details | IPv4 | 1 | 151.100.107.91 |
|
| Details | IPv4 | 1 | 209.90.36.181 |
|
| Details | IPv4 | 1 | 37.59.162.30 |
|
| Details | IPv4 | 1 | 91.236.116.92 |
|
| Details | IPv4 | 1 | 91.132.138.230 |
|
| Details | IPv4 | 1 | 91.132.138.222 |
|
| Details | IPv4 | 1 | 91.132.138.214 |
|
| Details | IPv4 | 1 | 91.132.138.206 |
|
| Details | IPv4 | 1 | 91.132.138.198 |
|
| Details | IPv4 | 1 | 91.132.136.92 |
|
| Details | IPv4 | 1 | 91.132.136.182 |
|
| Details | IPv4 | 1 | 91.132.136.134 |
|
| Details | IPv4 | 1 | 89.46.103.172 |
|
| Details | IPv4 | 1 | 89.187.165.154 |
|
| Details | IPv4 | 1 | 89.187.165.142 |
|
| Details | IPv4 | 1 | 89.187.162.96 |
|
| Details | IPv4 | 1 | 89.187.162.196 |
|
| Details | IPv4 | 1 | 89.187.162.124 |
|
| Details | IPv4 | 1 | 89.187.162.100 |
|
| Details | IPv4 | 1 | 89.184.67.198 |
|
| Details | IPv4 | 1 | 87.239.248.66 |
|
| Details | IPv4 | 1 | 87.101.92.70 |
|
| Details | IPv4 | 1 | 83.97.23.21 |
|
| Details | IPv4 | 1 | 82.102.25.246 |
|
| Details | IPv4 | 1 | 82.102.25.222 |
|
| Details | IPv4 | 1 | 82.102.23.14 |
|
| Details | IPv4 | 1 | 82.102.20.44 |
|
| Details | IPv4 | 1 | 82.102.20.36 |
|
| Details | IPv4 | 1 | 82.102.19.52 |
|
| Details | IPv4 | 1 | 82.102.19.217 |
|
| Details | IPv4 | 1 | 82.102.19.204 |
|
| Details | IPv4 | 1 | 82.102.19.196 |
|
| Details | IPv4 | 1 | 69.161.195.78 |
|
| Details | IPv4 | 1 | 69.161.195.103 |
|
| Details | IPv4 | 1 | 68.168.122.230 |
|
| Details | IPv4 | 1 | 68.168.115.54 |
|
| Details | IPv4 | 1 | 5.254.112.30 |
|
| Details | IPv4 | 1 | 5.254.106.222 |
|
| Details | IPv4 | 1 | 45.9.236.13 |
|
| Details | IPv4 | 1 | 37.120.131.244 |
|
| Details | IPv4 | 1 | 37.120.131.188 |
|
| Details | IPv4 | 1 | 31.13.191.169 |
|
| Details | IPv4 | 1 | 217.146.82.184 |
|
| Details | IPv4 | 1 | 217.146.82.179 |
|
| Details | IPv4 | 1 | 211.197.11.17 |
|
| Details | IPv4 | 1 | 209.58.189.102 |
|
| Details | IPv4 | 1 | 209.58.188.77 |
|
| Details | IPv4 | 2 | 209.58.188.49 |
|
| Details | IPv4 | 1 | 209.58.188.46 |
|
| Details | IPv4 | 1 | 209.58.188.169 |
|
| Details | IPv4 | 1 | 209.58.184.165 |
|
| Details | IPv4 | 1 | 209.58.184.123 |
|
| Details | IPv4 | 1 | 209.58.183.116 |
|
| Details | IPv4 | 1 | 209.58.163.147 |
|
| Details | IPv4 | 1 | 209.58.163.139 |
|
| Details | IPv4 | 1 | 207.30.28.101 |
|
| Details | IPv4 | 1 | 207.189.30.145 |
|
| Details | IPv4 | 1 | 207.189.30.141 |
|
| Details | IPv4 | 1 | 207.189.25.140 |
|
| Details | IPv4 | 1 | 207.189.25.136 |
|
| Details | IPv4 | 1 | 207.189.24.159 |
|
| Details | IPv4 | 1 | 207.189.24.155 |
|
| Details | IPv4 | 1 | 207.189.16.120 |
|
| Details | IPv4 | 1 | 207.189.16.116 |
|
| Details | IPv4 | 1 | 207.189.16.112 |
|
| Details | IPv4 | 1 | 2.58.45.246 |
|
| Details | IPv4 | 1 | 2.58.45.230 |
|
| Details | IPv4 | 1 | 2.58.45.222 |
|
| Details | IPv4 | 1 | 2.58.45.214 |
|
| Details | IPv4 | 1 | 199.241.125.81 |
|
| Details | IPv4 | 1 | 199.241.125.77 |
|
| Details | IPv4 | 1 | 199.241.120.80 |
|
| Details | IPv4 | 1 | 199.241.120.76 |
|
| Details | IPv4 | 1 | 199.241.120.72 |
|
| Details | IPv4 | 1 | 196.247.56.54 |
|
| Details | IPv4 | 1 | 196.247.56.46 |
|
| Details | IPv4 | 1 | 196.247.56.38 |
|
| Details | IPv4 | 1 | 196.196.241.70 |
|
| Details | IPv4 | 1 | 196.196.200.36 |
|
| Details | IPv4 | 1 | 196.196.193.14 |
|
| Details | IPv4 | 1 | 195.242.213.230 |
|
| Details | IPv4 | 4 | 195.242.213.155 |
|
| Details | IPv4 | 1 | 195.242.213.122 |
|
| Details | IPv4 | 1 | 195.206.105.246 |
|
| Details | IPv4 | 1 | 195.12.48.200 |
|
| Details | IPv4 | 1 | 193.36.116.178 |
|
| Details | IPv4 | 1 | 193.36.116.174 |
|
| Details | IPv4 | 1 | 193.138.63.154 |
|
| Details | IPv4 | 1 | 193.105.134.113 |
|
| Details | IPv4 | 1 | 192.40.89.235 |
|
| Details | IPv4 | 1 | 192.171.29.101 |
|
| Details | IPv4 | 1 | 185.93.2.202 |
|
| Details | IPv4 | 1 | 185.93.2.145 |
|
| Details | IPv4 | 1 | 185.76.9.99 |
|
| Details | IPv4 | 1 | 185.76.9.109 |
|
| Details | IPv4 | 1 | 185.76.9.104 |
|
| Details | IPv4 | 1 | 185.59.222.117 |
|
| Details | IPv4 | 1 | 185.5.172.102 |
|
| Details | IPv4 | 1 | 185.246.211.98 |
|
| Details | IPv4 | 1 | 185.246.211.87 |
|
| Details | IPv4 | 1 | 185.245.87.244 |
|
| Details | IPv4 | 1 | 185.245.86.36 |
|
| Details | IPv4 | 1 | 185.245.84.244 |
|
| Details | IPv4 | 1 | 185.244.213.132 |
|
| Details | IPv4 | 1 | 185.236.42.113 |
|
| Details | IPv4 | 1 | 185.236.203.92 |
|
| Details | IPv4 | 1 | 185.236.203.76 |
|
| Details | IPv4 | 1 | 185.236.203.12 |
|
| Details | IPv4 | 1 | 185.236.201.227 |
|
| Details | IPv4 | 1 | 185.236.200.204 |
|
| Details | IPv4 | 1 | 185.232.21.100 |
|
| Details | IPv4 | 1 | 185.217.171.49 |
|
| Details | IPv4 | 1 | 185.217.171.45 |
|
| Details | IPv4 | 1 | 185.217.171.41 |
|
| Details | IPv4 | 1 | 185.217.171.37 |
|
| Details | IPv4 | 1 | 185.217.171.10 |
|
| Details | IPv4 | 1 | 185.212.169.92 |
|
| Details | IPv4 | 1 | 185.212.169.124 |
|
| Details | IPv4 | 1 | 185.200.116.158 |
|
| Details | IPv4 | 1 | 185.195.202.28 |
|
| Details | IPv4 | 1 | 185.195.202.18 |
|
| Details | IPv4 | 1 | 185.195.202.13 |
|
| Details | IPv4 | 1 | 185.153.179.77 |
|
| Details | IPv4 | 1 | 185.153.179.69 |
|
| Details | IPv4 | 1 | 185.153.179.65 |
|
| Details | IPv4 | 1 | 185.128.25.57 |
|
| Details | IPv4 | 1 | 185.128.25.228 |
|
| Details | IPv4 | 1 | 185.128.25.220 |
|
| Details | IPv4 | 1 | 185.107.94.164 |
|
| Details | IPv4 | 1 | 184.75.212.54 |
|
| Details | IPv4 | 1 | 184.75.212.14 |
|
| Details | IPv4 | 1 | 178.175.132.28 |
|
| Details | IPv4 | 1 | 173.209.57.14 |
|
| Details | IPv4 | 1 | 172.83.40.227 |
|
| Details | IPv4 | 1 | 165.84.230.141 |
|
| Details | IPv4 | 1 | 165.84.230.137 |
|
| Details | IPv4 | 1 | 165.84.226.104 |
|
| Details | IPv4 | 1 | 165.231.40.6 |
|
| Details | IPv4 | 1 | 165.231.40.30 |
|
| Details | IPv4 | 1 | 165.231.40.22 |
|
| Details | IPv4 | 1 | 165.231.40.14 |
|
| Details | IPv4 | 1 | 165.231.210.12 |
|
| Details | IPv4 | 1 | 165.231.142.12 |
|
| Details | IPv4 | 1 | 162.253.71.240 |
|
| Details | IPv4 | 1 | 152.89.162.246 |
|
| Details | IPv4 | 1 | 144.48.36.86 |
|
| Details | IPv4 | 1 | 139.28.218.220 |
|
| Details | IPv4 | 1 | 134.19.180.167 |
|
| Details | IPv4 | 1 | 134.19.176.46 |
|
| Details | IPv4 | 2 | 130.61.54.136 |
|
| Details | IPv4 | 1 | 130.185.155.6 |
|
| Details | IPv4 | 1 | 107.181.177.25 |
|
| Details | IPv4 | 1 | 104.222.154.20 |
|
| Details | IPv4 | 1 | 104.222.154.12 |
|
| Details | IPv4 | 1 | 104.222.153.20 |
|
| Details | IPv4 | 1 | 104.128.136.44 |
|
| Details | IPv4 | 1 | 104.128.136.40 |
|
| Details | IPv4 | 1 | 103.137.12.166 |
|
| Details | IPv4 | 1 | 103.137.12.158 |
|
| Details | IPv4 | 1 | 103.137.12.150 |
|
| Details | IPv4 | 1 | 103.137.12.142 |
|
| Details | IPv4 | 1 | 103.137.12.134 |
|
| Details | IPv4 | 1 | 103.107.196.158 |
|
| Details | IPv4 | 1 | 103.107.196.150 |
|
| Details | IPv4 | 1 | 103.107.196.134 |
|
| Details | Url | 1 | https://github.com/yt1g3r/cve-2019-3396_exp |
|
| Details | Url | 1 | https://github.com/mcksysargentina/cve-2019-3396/blob/master/x.vm |
|
| Details | Url | 1 | https://github.com/jas502n/cve-2019-3396 |
|
| Details | Url | 1 | https://github.com/x-f1v3/cve-2019-3396 |
|
| Details | Url | 1 | https://github.com/pyn3rd/cve-2019-3396 |
|
| Details | Url | 1 | https://github.com/knownsec/pocsuite3/blob/master/pocsuite3/pocs/20190404_web_confluence_path_traversal.py |
|
| Details | Url | 1 | https://github.com/shadowsock5/cve-2019-3396 |
|
| Details | Url | 1 | https://www.youtube.com/watch?v=syrltisvjww |
|
| Details | Url | 1 | ftp://51.38.133.232:201/cmd.vm |
|
| Details | Url | 1 | ftp://51.15.56.161:201/cmd.vm |
|
| Details | Url | 1 | https://raw.githubusercontent.com/mcksysargentina/cve-2019-3396/master/x.vm |
|
| Details | Url | 1 | ftp://37.44.212.223/xd.vm |
|
| Details | Url | 1 | ftp://37.44.212.223/xd2.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/xmm2.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/xmm1.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/vlr.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/ty2.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/ty1.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/ki2.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/ki1.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/di2.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/di1.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/bts2.vm |
|
| Details | Url | 1 | ftp://68.183.164.16:2121/bts1.vm |
|
| Details | Url | 1 | https://github.com/yt1g3r/cve-2019-3396_exp/blob/master/cmd.vm |
|
| Details | Url | 1 | http://51.38.133.232 |
|
| Details | Url | 1 | http://51.15.56.161:443 |
|
| Details | Url | 1 | http://209.90.36.181/sites/default/files/img |
|
| Details | Url | 1 | https://github.com/x-f1v3/cve-2019-3396/blob/master/1.vm |
|
| Details | Url | 1 | http://www.jukesxdbrxd.xyz/start.jpg|bash |
|
| Details | Url | 1 | http://jukesbrxd.xyz/isassx.exe |
|
| Details | Url | 1 | http://jukesbrxd.xyz/ww.exe |
|
| Details | Url | 1 | http://jukesbrxd.xyz/isassx.exe','c:\windows\temp\1512421.exe |
|
| Details | Url | 1 | http://jukesbrxd.xyz/ww.exe','c:\windows\temp\heshe.exe |