"##l only (exploit poc by hook-s3c on github) once this vulnerability (cve-2018-11776) was announced, we noticed the cronix campaign adapting this vulnerability to spread crypto-mining malware (/content/f5-labs-v2/en/labs/articles/threat-intelligence …"
T1190 Exploit Public-Facing Application
91%
"this issue would only have control over the malicious request url. http headers, payload, and even the request method (get) cannot be modified. also, the attacker cannot receive any response to their malicious requests as all responses reach the real sender, googlebot. another …"
T1190 Exploit Public-Facing Application
54%
"##bot servers owned by google the first request we noticed that belongs to the cronix campaign did not have a googlebot related user-agent but rather one that seems to be related to a python script (see figure 7). most likely, this first request was delivered before the attac…"
T1566.002 Spearphishing Link
37%
"links” means sending a get request to every url listed in the links on the website. so, googlebot servers generate requests based on links they do not control and, as it seems, do not validate. tricking googlebot given that googlebot follows links, attackers figured out a simple…"
Summary
Seventeen years after the opportunity for abuse was made public, attackers are finding new ways to make use of this unpatched web crawler service.