Details and Analytics for centreon_sandworm-alert / CVE-2021-20210224
- NIST on CVE-2021-20210224
- Alert - Notes to that alert
- Summary: ASN/country/network-based summary
- Data - all data, separated by country
- TimeStamp
The lists are generated from combined Shodan/OSINT queries.
If we detect a CVE with (CVSS > 8 AND Remote AND Unauthenticated AND (RCE OR PrivilegeEscalation OR FileAccess)), or with exploits going around, we check whether it is possible to identify, via Shodan and OSINT, all affected hosts/IPs that could be prone to attack/exploitation.
In a second step we analyse the affected IPs and generate an ASN/country attribution, which is placed in data.
Detail - Format (file and content)
- files are plaintext
- file names are generated from CVE + country [CN]
-> CVE-20202-XXXX/CVE-2020-XXXXX-[CN].list
file_content:
Country: CZ
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
195.113.20.168 | ASN. 2852 | CESNET2, CZ
78.128.216.72 | ASN. 2852 | CESNET2, CZ
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
95.47.178.94 | ASN. 60296 | METRONET-AS, SK
Remarks
Please note:
- The IPs found might include false positives, and the lists might miss affected hosts (false negatives).
- The country/ASN attribution might not be correct.
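
One way a network owner could check a per-country .list file against their own address space, added here as an example and not part of this repository's tooling. It parses the format shown under "Detail - Format", drops duplicate and masked rows, and matches on the IP itself because the ASN/country columns might not be correct. The sample data is constructed (RFC 5737 addresses, RFC 5398 ASNs) and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in the page's format: RFC 5737 documentation addresses
# and RFC 5398 documentation ASNs, not real scan results.
SAMPLE = """\
Country: CZ
192.0.2.XX | ASN. 64500 | EXAMPLE-NET-A, CZ
192.0.2.10 | ASN. 64500 | EXAMPLE-NET-A, CZ
198.51.100.7 | ASN. 64501 | EXAMPLE-NET-B Example Carrier, Ltd., CZ
198.51.100.7 | ASN. 64501 | EXAMPLE-NET-B Example Carrier, Ltd., CZ
203.0.113.5 | ASN. 64502 | EXAMPLE-NET-C, SK
"""

def parse_list(text):
    """Return (country, records, skipped); records are de-duplicated by IP."""
    country, records, skipped, seen = None, [], [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Country:"):
            country = line.split(":", 1)[1].strip()
            continue
        parts = [p.strip() for p in line.split("|", 2)]
        try:
            ip = ipaddress.ip_address(parts[0])
            asn = int(parts[1].replace("ASN.", ""))
            name, _, asn_cc = parts[2].rpartition(",")  # names may contain commas
        except (ValueError, IndexError):
            skipped.append(line)  # masked (XX.YY) or malformed row
            continue
        if ip not in seen:
            seen.add(ip)
            # asn_cc is the code after the ASN name; it can differ from `country`
            records.append({"ip": ip, "asn": asn,
                            "name": name.strip(), "asn_cc": asn_cc.strip()})
    return country, records, skipped

def hits_in_prefixes(records, prefixes):
    """Match on the address itself, not on the ASN/country attribution."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [r for r in records if any(r["ip"] in n for n in nets)]

def count_by_asn(records):
    return dict(Counter(r["asn"] for r in records))
```

Rows returned in `skipped` deserve a manual look: a masked entry may still fall inside your prefixes even though it cannot be matched automatically.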
