SnortSnarf signature page

SERVER-ORACLE Oracle WebLogic Server remote command execution attempt

SnortSnarf v021111.1

127 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 22:13:43.736030 on 09/05/2018
Latest such alert at 23:20:16.170942 on 07/28/2019

SERVER-ORACLE Oracle WebLogic Server remote command execution attempt: 120 sources, 1 destination
Priority: 1
Classification: Attempted Administrator Privilege Gain
[sid:45304] [BUGTRAQ:97884] [Xref => http://www.securityfocus.com/bid/101304]

Sources triggering this attack signature


Destinations receiving this attack signature

Destinations    # Alerts (sig)   # Alerts (total)   # Srcs (sig)   # Srcs (total)
192.168.0.38    127              324                120            203

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Wed Aug 21 01:01:07 2019