

Severity
Medium
Analysis Summary
This alert lists IP addresses associated with scanning and exploitation activity. The threat indicators are provided below.
Impact
- SSH Scan
- SSH Brute Force Attempt
- Oracle WebLogic Exploitation Attempt
- JBoss Exploitation Attempt
Indicators of Compromise
IP(s) / Hostname(s)
Remediation
- Consider blocking and alerting on these IP addresses: they have been logged attempting to exploit vulnerabilities, or otherwise trying to gain access to, or information about, SLTT (state, local, tribal and territorial government) network resources.
- Investigate any logged activity from the noted IP addresses for signs of successful exploitation.