[Silicon Defense logo]

SnortSnarf signature page

SERVER-ORACLE Oracle WebLogic Server remote command execution attempt

SnortSnarf v021111.1

Signature section (210)Top 20 source IPsTop 20 dest IPs

98 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 03:57:21.406655 on 03/31/2018
Latest such alert at 13:29:26.906487 on 11/01/2018

SERVER-ORACLE Oracle WebLogic Server remote command execution attempt 91 sources 1 destinations
Priority: 1Classification: Attempted Administrator Privilege Gain
[sid:45304] [BUGTRAQ:97884][Xref => http://www.securityfocus.com/bid/101304]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
45.119.82.1002211
115.159.186.2232211
47.52.198.1102211
47.52.167.1742211
192.144.139.952211
118.24.158.592211
178.32.1.2142211
47.98.162.1491111
39.106.25.1271111
118.24.16.1011111
218.3.142.1361111
118.25.210.1431111
49.51.69.111111
118.97.147.2031111
116.113.80.541111
187.190.22.471111
190.14.242.2431111
184.188.136.1941111
123.206.87.1291111
118.123.15.1201111
193.112.7.2111111
118.24.13.461111
193.112.77.881111
183.131.217.2051111
119.27.170.271111
96.64.233.1451111
111.230.230.2471111
221.238.115.2121111
118.24.36.2011111
193.112.42.2371111
218.76.158.2031111
47.75.66.1801111
47.98.57.471111
122.112.214.951111
121.31.21.1341111
202.181.24.2261111
59.33.174.1621111
58.20.50.971111
118.24.64.151111
119.254.111.1231111
23.234.2.1021111
47.95.117.891111
113.108.192.21111
47.91.235.281111
111.231.227.1351111
36.41.187.1621111
181.143.85.2501111
110.249.215.1371111
218.69.91.181111
119.29.148.611111
182.254.219.2191111
125.35.11.301111
54.164.169.391111
80.13.134.1081111
140.143.196.1581111
123.206.73.381111
140.143.208.821111
103.9.88.2041111
140.143.242.951111
118.180.2.841111
111.231.227.1841111
118.24.18.1931111
118.24.56.601111
47.52.152.691111
116.228.150.1501111
119.27.186.141111
101.66.229.71111
91.239.194.91111
103.213.249.261111
186.136.228.71111
47.52.162.2261111
186.23.59.1371111
111.231.199.1171111
123.57.18.771111
111.230.64.2491111
118.25.39.191111
119.29.196.891111
111.231.93.491111
185.229.226.1851111
117.205.6.1171111
140.143.134.1621111
140.143.136.2361111
120.79.249.1621111
120.79.177.981111
150.109.69.831111
50.254.129.691111
119.27.181.1951111
111.231.133.721111
114.118.1.1301111
118.25.212.591111
120.77.36.711111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.0.379820691140

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Wed Nov 21 05:01:01 2018