Tainan Branch, Administrative Enforcement Agency, Ministry of Justice

Early warning: attackers conducting XSS (cross-site scripting) attacks against the ArmorX LisoMail mail system

  • Last updated: 110-04-27

 

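External intelligence indicates that hacker groups have recently been highly active. Attackers carried out cross-site scripting (XSS) attacks against the login page (webmail2) of the ArmorX LisoMail mail system, then planted web backdoor programs and stole the system's user accounts and passwords. The backdoor paths are as follows: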

 

/dev/shm/usr/isb/html/webmail2/program/lib/xml.php

/dev/shm/usr/isb/html/webmail2/program/lib/tunnel.php

 

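All agencies should stay alert. Any agency that has procured or uses this system should complete the vendor's operating system version update as soon as possible, and put monitoring, protection and blocking of anomalous connections into practice. If anomalous connections or alerts are found in the relevant logs, investigate thoroughly to determine the cause of the incident and the scope of impact, so that the window for investigation is not missed.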

Affected platform    All versions of the ArmorX LisoMail mail system before 2020/12/31

                     (version identifier 8.15.2-2.712.063-1.90.013)

Impact level    Medium

 

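Recommended measures

  1. Check whether the above equipment or product is in use and confirm its patch or update status. If it has not been patched or updated, do so as soon as possible to avoid becoming a target of future attacks.
  2. Review monitoring records to determine whether any anomalous events have occurred.
  3. Using the IP addresses, domain names (DN) and other IoC information listed in the attachment, strengthen monitoring, protection and blocking of anomalous connections.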
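One way to carry out measures 2 and 3 on a web access log, as an added example that is not part of the original advisory or the vendor's tooling. It assumes the log uses the Apache/nginx "combined" format and that the backdoor files are reachable under a URL ending in `/webmail2/program/lib/`; the log lines and IoC addresses are constructed placeholders from documentation ranges.

```python
import posixpath
import re
from urllib.parse import unquote

# Backdoor file names from the advisory; the URL mapping is an assumption.
BACKDOOR_SUFFIXES = (
    "/webmail2/program/lib/xml.php",
    "/webmail2/program/lib/tunnel.php",
)

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query string, percent-decode once, collapse //, /./ and /../."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def scan(lines, ioc_ips):
    """Return (line_no, reason, ip, path, status) for each suspicious request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        path = normalize_path(m["target"])
        if path.endswith(BACKDOOR_SUFFIXES):
            # A 2xx answer means the file exists on the server and responded.
            reason = "backdoor-hit" if m["status"].startswith("2") else "backdoor-probe"
            hits.append((no, reason, m["ip"], path, m["status"]))
        elif m["ip"] in ioc_ips:
            hits.append((no, "ioc-ip", m["ip"], path, m["status"]))
    return hits

# Constructed sample data; load the advisory's IoC list and the real log instead.
SAMPLE_IOCS = {"203.0.113.7"}
SAMPLE_LOG = [
    '198.51.100.20 - - [20/Apr/2021:10:00:01 +0800] "GET /webmail2/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Apr/2021:10:00:05 +0800] "POST /webmail2/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.99 - - [20/Apr/2021:10:01:12 +0800] "POST /webmail2/program/lib/tunnel.php?a=1 HTTP/1.1" 200 48 "-" "-"',
    '198.51.100.99 - - [20/Apr/2021:10:01:40 +0800] "GET /webmail2/program/./lib/%78ml.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, SAMPLE_IOCS):
        print(hit)
```

A `backdoor-hit` row warrants checking the host for the two files at the paths listed above; `ioc-ip` rows show which accounts and pages the listed addresses touched.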

 

IP :   
