Share this page!

Maybe Scrolly?
Emy | eq 🌈 Profile picture
Twitter logo
11 Dec, 6 tweets, 3 min read
Got one hit on my honneypot for #log4j during the night.

This one is not trying to bypass detection and still uses basic payload to trigger the jndi vuln. Image
The IP address seems to still be up and responding, but the port is closed now. Image
The base64 payload decodes as a wget command to get a shell script on another server Image
The shell script downloads 3 ELF files and executes them, it is really simple but does the job Image
The ELFs seems to be part of the MIRAI botnet as shown by VT

776c341504769aa67af7efc5acc66c338dab5684a8579134d3f23165c7abcc00 x86

8052f5cc4dfa9a8b4f67280a746acbc099319b9391e3b495a27d08fb5f08db81 x86_64

2b794cc70cb33c9b3ae7384157ecb78b54aaddc72f4f9cf90b4a4ce4e6cf8984 x86_g ImageImageImage
2 new #Mirai botnet sample uploaded to virustotal thanks to the carelessness of the people who tried to drop it using #log4shell

7937bbe245511e3666b1f90661bc5fff1ae7bcb1cfda1e5aad9976b66d871c7f sh4

1de182015b280f40b04faac87424f3ae00db8bc90b3ec5d7c02092d72ca1b21e arm5 ImageImage

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Emy | eq 🌈

Emy | eq 🌈 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @entropyqueen_

Emy | eq 🌈 Profile picture
11 Dec
Explaining #log4j for non technical people, because the internet is burning down and y'all might want to know what's happening and why there's all this "${jndi:ldap" stuff out there

#Log4Shell #log4jRCE

⬇️
Log4j is a popular logging library used in Java programming language.

A logger is a piece of software that saves data on a computer. It is used to monitor what is happening, determine if the software runs smoothly, or catch information to help debugging when things go wrong.
It logs a lot of information. When you browse to a website, it will write down what IP address you have, what browser you are using (firefox, chrome, edge... ), when you made the request, what page you accessed... and more!
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @entropyqueen_ has new unrolls!

Check out other threads from @entropyqueen_!

Read all threads by @entropyqueen_

:(