73 строки
2.3 KiB
Markdown
73 строки
2.3 KiB
Markdown
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
|
## Details and Analytics for cobaltstrike_servers / CVE-2020-0000
|
|
|
|
- [NIST on CVE-2020-0000](https://nvd.nist.gov/vuln/detail/CVE-2020-0000)
|
|
- [Summary](summary.md): asn/country/network - based summary
|
|
- [Data](data) - all data, separated by country
|
|
|
|
The lists are generated based on combined shodan/OSINT-Queries.
|
|
|
|
If we detect a certain CVE with ( CVSS > 8 AND Remote AND Unauthenticated AND
|
|
(RCE OR PriviledgeEscalation OR FileAccess) or exploits going around,
|
|
we check if there is a posibility to catch all effected hosts/IPs
|
|
that could be prone of attacks/exploitation, via shodan and OSINT.
|
|
|
|
in a second step we analyse affected IPs and generate ASN/Country-Attribution
|
|
that will be placed in [data](data)
|
|
|
|
|
|
## Detail - Format (file and content)
|
|
|
|
- files are plaintext
|
|
- file_names are generated by CVE + country [CN]
|
|
|
|
-> CVE-20202-XXXX/CVE-2020-XXXXX-[CN].list
|
|
|
|
|
|
file_content:
|
|
|
|
~~~
|
|
|
|
Country: CZ
|
|
|
|
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
|
|
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
|
|
195.113.20.168 | ASN. 2852 | CESNET2, CZ
|
|
78.128.216.72 | ASN. 2852 | CESNET2, CZ
|
|
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
|
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
|
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
|
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
|
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
|
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
|
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
|
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
|
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
|
|
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
|
|
95.47.178.94 | ASN. 60296 | METRONET-AS, SK
|
|
|
|
|
|
~~~
|
|
|
|
|
|
## Remarks
|
|
|
|
please note:
|
|
- found IPs might contain False-Positives and miss False Negatives
|
|
- Country/ASN-Attribution might not be correct
|
|
|
|
|
|
- [Traffic Light Protocol (TLP) Definitions and Usage](https://www.us-cert.gov/tlp)
|
|
|
|
|
|
|
|
|
|
|
|
|