Search...

Generic Command Shell, Reverse TCP Inline

2006-08-26T02:13:25

ID MSF:PAYLOAD/GENERIC/SHELL_REVERSE_TCP
Type metasploit
Reporter Rapid7
Modified 2017-07-24T13:26:21

Description

Connect back to attacker and spawn a command shell

                                        
                                            ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core/payload/generic'
require 'msf/core/handler/reverse_tcp'

module MetasploitModule

  CachedSize = 0

  include Msf::Payload::Single
  include Msf::Payload::Generic

  def initialize(info = {})
    super(merge_info(info,
      'Name'          =&gt; 'Generic Command Shell, Reverse TCP Inline',
      'Description'   =&gt; 'Connect back to attacker and spawn a command shell',
      'Author'        =&gt; 'skape',
      'License'       =&gt; MSF_LICENSE,
      'Handler'       =&gt; Msf::Handler::ReverseTcp,
      'Session'       =&gt; Msf::Sessions::CommandShell
      ))
  end
end

JSON Vulners Source

Initial Source

{"id": "MSF:PAYLOAD/GENERIC/SHELL_REVERSE_TCP", "type": "metasploit", "bulletinFamily": "exploit", "title": "Generic Command Shell, Reverse TCP Inline", "description": "Connect back to attacker and spawn a command shell\n", "published": "2006-08-26T02:13:25", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2020-08-27T05:58:42", "viewCount": 365, "enchantments": {"score": {"value": 0.6, "vector": "NONE", "modified": "2020-08-27T05:58:42", "rev": 2}, "dependencies": {"references": [{"type": "carbonblack", "idList": ["CARBONBLACK:D8F177C71ED7193B2BE394503D8DC4C2"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B399D59CF91A861E1E5FF10923687F2"]}, {"type": "mssecure", "idList": ["MSSECURE:8F3E6CE08786178A57BEC93818B0A4A1"]}, {"type": "rst", "idList": ["RST:09A6E900-E8E2-3F95-8044-B8F6A3C0A578", "RST:07B2E39A-66F7-3860-9CBA-47096DD3D6EE", "RST:47FEBAC4-9A89-3110-823B-8DEC9A044D0D", "RST:1B0A9D78-E7D5-36CB-8C8B-EE919F7119EE", "RST:41F36F6C-DE32-3833-A8CF-4C0797DA3524", "RST:F013681C-37AE-3364-88B5-32B9FBA04F3D", "RST:0A5B7E6E-1776-38AB-9E0B-7D71DD0D1B2F", "RST:566917E9-969E-3925-A333-10821C6B2237", "RST:AB9A2581-B5D6-3C74-BFA9-BF3BD709D402", "RST:9548B9FE-F20C-3556-A6A2-2A6791216526"]}], "modified": "2020-08-27T05:58:42", "rev": 2}, "vulnersScore": 0.6}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/payloads/singles/generic/shell_reverse_tcp.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'msf/core/payload/generic'\nrequire 'msf/core/handler/reverse_tcp'\n\nmodule MetasploitModule\n\n CachedSize = 0\n\n include Msf::Payload::Single\n include Msf::Payload::Generic\n\n def initialize(info = {})\n super(merge_info(info,\n 'Name' => 'Generic Command Shell, Reverse TCP Inline',\n 'Description' => 'Connect back to attacker and spawn a command shell',\n 'Author' => 'skape',\n 'License' => MSF_LICENSE,\n 'Handler' => Msf::Handler::ReverseTcp,\n 'Session' => Msf::Sessions::CommandShell\n ))\n end\nend\n", "metasploitReliability": "", "metasploitHistory": ""}

{"ubuntu": [{"lastseen": "2021-02-25T11:51:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27815", "CVE-2020-29374", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-29660"], "description": "It was discovered that the jfs file system implementation in the Linux \nkernel contained an out-of-bounds read vulnerability. A local attacker \ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nIt was discovered that the memory management subsystem in the Linux kernel \ndid not properly handle copy-on-write operations in some situations. A \nlocal attacker could possibly use this to gain unintended write access to \nread-only memory pages. (CVE-2020-29374)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event \nprocessing backend in the Linux kernel did not properly limit the number of \nevents queued. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29568)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use \nconsistent locking in some situations, leading to a read-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly expose sensitive information (kernel memory). \n(CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux \nkernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- \nfree vulnerability. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-29661)", "edition": 1, "modified": "2021-02-25T00:00:00", "published": "2021-02-25T00:00:00", "id": "USN-4748-1", "href": "https://ubuntu.com/security/notices/USN-4748-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-25T12:00:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28588", "CVE-2020-27830", "CVE-2020-27815", "CVE-2020-25669", "CVE-2020-28941", "CVE-2020-29569", "CVE-2020-29568", "CVE-2021-20177", "CVE-2020-29661", "CVE-2020-29660"], "description": "Bodong Zhao discovered a use-after-free in the Sun keyboard driver \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2020-25669)\n\nIt was discovered that the jfs file system implementation in the Linux \nkernel contained an out-of-bounds read vulnerability. A local attacker \ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in \nthe Linux kernel did not correctly handle setting line discipline in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2020-27830, CVE-2020-28941)\n\nIt was discovered that an information leak existed in the syscall \nimplementation in the Linux kernel on 32 bit systems. A local attacker \ncould use this to expose sensitive information (kernel memory). \n(CVE-2020-28588)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event \nprocessing backend in the Linux kernel did not properly limit the number of \nevents queued. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29568)\n\nOlivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the \nXen paravirt block backend in the Linux kernel, leading to a use-after-free \nvulnerability. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29569)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use \nconsistent locking in some situations, leading to a read-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly expose sensitive information (kernel memory). \n(CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux \nkernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- \nfree vulnerability. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-29661)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not \nproperly handle filter rules in some situations. A local attacker with the \nCAP_NET_ADMIN capability could use this to cause a denial of service. \n(CVE-2021-20177)", "edition": 1, "modified": "2021-02-25T00:00:00", "published": "2021-02-25T00:00:00", "id": "USN-4750-1", "href": "https://ubuntu.com/security/notices/USN-4750-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-25T11:51:34", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27830", "CVE-2020-27815", "CVE-2020-25669", "CVE-2020-28941", "CVE-2020-29569", "CVE-2020-29374", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-29660"], "description": "Bodong Zhao discovered a use-after-free in the Sun keyboard driver \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2020-25669)\n\nIt was discovered that the jfs file system implementation in the Linux \nkernel contained an out-of-bounds read vulnerability. A local attacker \ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in \nthe Linux kernel did not correctly handle setting line discipline in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2020-27830, CVE-2020-28941)\n\nIt was discovered that the memory management subsystem in the Linux kernel \ndid not properly handle copy-on-write operations in some situations. A \nlocal attacker could possibly use this to gain unintended write access to \nread-only memory pages. (CVE-2020-29374)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event \nprocessing backend in the Linux kernel did not properly limit the number of \nevents queued. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29568)\n\nOlivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the \nXen paravirt block backend in the Linux kernel, leading to a use-after-free \nvulnerability. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29569)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use \nconsistent locking in some situations, leading to a read-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly expose sensitive information (kernel memory). \n(CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux \nkernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- \nfree vulnerability. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-29661)", "edition": 1, "modified": "2021-02-25T00:00:00", "published": "2021-02-25T00:00:00", "id": "USN-4749-1", "href": "https://ubuntu.com/security/notices/USN-4749-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-25T12:02:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28588", "CVE-2020-27675", "CVE-2020-27830", "CVE-2020-35508", "CVE-2020-27815", "CVE-2020-27835", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-29569", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-29568", "CVE-2020-25668", "CVE-2020-29661", "CVE-2020-28974", "CVE-2020-25704", "CVE-2020-29660"], "description": "It was discovered that the console keyboard driver in the Linux kernel \ncontained a race condition. A local attacker could use this to expose \nsensitive information (kernel memory). (CVE-2020-25656)\n\nMinh Yuan discovered that the tty driver in the Linux kernel contained race \nconditions when handling fonts. A local attacker could possibly use this to \nexpose sensitive information (kernel memory). (CVE-2020-25668)\n\nBodong Zhao discovered a use-after-free in the Sun keyboard driver \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2020-25669)\n\nKiyin (\u5c39\u4eae) discovered that the perf subsystem in the Linux kernel did \nnot properly deallocate memory in some situations. A privileged attacker \ncould use this to cause a denial of service (kernel memory exhaustion). \n(CVE-2020-25704)\n\nJulien Grall discovered that the Xen dom0 event handler in the Linux kernel \ndid not properly limit the number of events queued. An attacker in a guest \nVM could use this to cause a denial of service in the host OS. \n(CVE-2020-27673)\n\nJinoh Kang discovered that the Xen event channel infrastructure in the \nLinux kernel contained a race condition. An attacker in guest could \npossibly use this to cause a denial of service (dom0 crash). \n(CVE-2020-27675)\n\nDaniel Axtens discovered that PowerPC RTAS implementation in the Linux \nkernel did not properly restrict memory accesses in some situations. A \nprivileged local attacker could use this to arbitrarily modify kernel \nmemory, potentially bypassing kernel lockdown restrictions. \n(CVE-2020-27777)\n\nIt was discovered that the jfs file system implementation in the Linux \nkernel contained an out-of-bounds read vulnerability. A local attacker \ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in \nthe Linux kernel did not correctly handle setting line discipline in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2020-27830, CVE-2020-28941)\n\nIt was discovered that a use-after-free vulnerability existed in the \ninfiniband hfi1 device driver in the Linux kernel. A local attacker could \npossibly use this to cause a denial of service (system crash). \n(CVE-2020-27835)\n\nIt was discovered that an information leak existed in the syscall \nimplementation in the Linux kernel on 32 bit systems. A local attacker \ncould use this to expose sensitive information (kernel memory). \n(CVE-2020-28588)\n\nMinh Yuan discovered that the framebuffer console driver in the Linux \nkernel did not properly handle fonts in some conditions. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexpose sensitive information (kernel memory). (CVE-2020-28974)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event \nprocessing backend in the Linux kernel did not properly limit the number of \nevents queued. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29568)\n\nOlivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the \nXen paravirt block backend in the Linux kernel, leading to a use-after-free \nvulnerability. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29569)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use \nconsistent locking in some situations, leading to a read-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly expose sensitive information (kernel memory). \n(CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux \nkernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- \nfree vulnerability. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-29661)\n\nIt was discovered that a race condition existed that caused the Linux \nkernel to not properly restrict exit signal delivery. A local attacker \ncould possibly use this to send signals to arbitrary processes. \n(CVE-2020-35508)", "edition": 1, "modified": "2021-02-25T00:00:00", "published": "2021-02-25T00:00:00", "id": "USN-4751-1", "href": "https://ubuntu.com/security/notices/USN-4751-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "rst": [{"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]89.187.158** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **13**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 6128: (First IP 74.89.1.0, Last IP 74.90.255.255).\nASN Name \"CABLENET1\" and Organisation \"Cablevision Systems Corp\".\nASN hosts 17015 domains.\nGEO IP information: City \"North Bergen\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:D51698EE-AF8E-3696-BADA-79DFDA1F6878", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.89.187.158", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]91.23.194** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **20**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 33387: (First IP 74.91.16.0, Last IP 74.91.31.255).\nASN Name \"NOCIX\" and Organisation \"DataShack LC\".\nASN hosts 668773 domains.\nGEO IP information: City \"\", Country \"United States\".\nIOC could be a **False Positive** (May be a Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:71B2E9BA-3A6F-3667-B0AE-1F1CD1CCAF98", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.91.23.194", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]91.24.186** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **20**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 33387: (First IP 74.91.16.0, Last IP 74.91.31.255).\nASN Name \"NOCIX\" and Organisation \"DataShack LC\".\nASN hosts 668773 domains.\nGEO IP information: City \"\", Country \"United States\".\nIOC could be a **False Positive** (May be a Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:D4674FD2-6355-302E-9D5F-D526FA7323BB", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.91.24.186", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]91.28.228** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **20**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 33387: (First IP 74.91.16.0, Last IP 74.91.31.255).\nASN Name \"NOCIX\" and Organisation \"DataShack LC\".\nASN hosts 668773 domains.\nGEO IP information: City \"\", Country \"United States\".\nIOC could be a **False Positive** (May be a Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:0B02A96F-DE94-3521-9D39-1EE3B6F642CD", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.91.28.228", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]91.113.32** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **43**.\n First seen: 2021-02-23T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 14586: (First IP 74.91.113.0, Last IP 74.91.113.255).\nASN Name \"NUCLEARFALLOUTCHI\" and Organisation \"Nuclearfallout Enterprises Inc\".\nASN hosts 671 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-23T00:00:00", "id": "RST:8A6165E8-ECDF-368A-AB4D-50D718386D7A", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.91.113.32", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]92.155.101** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **13**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 7922: (First IP 74.92.0.0, Last IP 74.95.255.255).\nASN Name \"COMCAST7922\" and Organisation \"Comcast Cable Communications LLC\".\nASN hosts 159727 domains.\nGEO IP information: City \"Baltimore\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:6BED6AD1-3BA2-3510-AD2F-0DF90080510F", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.92.155.101", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]105.127.227** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **13**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 701: (First IP 74.101.0.0, Last IP 74.106.31.255).\nASN Name \"UUNET\" and Organisation \"MCI Communications Services Inc dba Verizon Business\".\nASN hosts 196530 domains.\nGEO IP information: City \"Wyckoff\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:55EEAEF0-FC91-34D5-BB09-8C655D5D39F7", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.105.127.227", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]105.205.211** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **13**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 701: (First IP 74.101.0.0, Last IP 74.106.31.255).\nASN Name \"UUNET\" and Organisation \"MCI Communications Services Inc dba Verizon Business\".\nASN hosts 196530 domains.\nGEO IP information: City \"Wyckoff\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:E1B79F9C-9E92-3268-A433-CE407A5ED94B", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.105.205.211", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]106.249.155** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **7**.\n First seen: 2020-08-27T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 701: (First IP 74.106.224.0, Last IP 74.107.127.255).\nASN Name \"UUNET\" and Organisation \"MCI Communications Services Inc dba Verizon Business\".\nASN hosts 196530 domains.\nGEO IP information: City \"Bel Air\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-08-27T00:00:00", "id": "RST:C87791B0-89B8-324E-B3F3-21A4BFCFCCEF", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.106.249.155", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]108.25.169** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **13**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 701: (First IP 74.108.0.0, Last IP 74.109.127.255).\nASN Name \"UUNET\" and Organisation \"MCI Communications Services Inc dba Verizon Business\".\nASN hosts 196530 domains.\nGEO IP information: City \"Greenwich\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:DA550FB5-C268-30D6-B51F-BF9612C8D472", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 74.108.25.169", "type": "rst", "cvss": {}}]}