TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Shellshock: Malicious Bash, Obfuscated perlb0t, Echo Probes, and More

2014-10-10

ATT&CK techniques detected

6 predictions
T1059.004 Unix Shell
97%
“shellshock: malicious bash, obfuscated perlb0t, echo probes, and more shellshock can take advantage of http headers as well as other mechanisms to enable unauthorized access to the underlying system shell, bash. the shellshock attack takes advantage of a flaw in bash that enable…”
T1505.003 Web Shell
59%
“environment variables), "user-agent" is used in most of the cases. from our observations, the payload that is delivered (the actual commands that are executed) once the vulnerability is exploited has several intentions. the simplest are the "echo" probes, just sending a …”
T1190 Exploit Public-Facing Application
50%
“environment variables), "user-agent" is used in most of the cases. from our observations, the payload that is delivered (the actual commands that are executed) once the vulnerability is exploited has several intentions. the simplest are the "echo" probes, just sending a …”
T1584.005 Botnet
45%
“a fresh opportunity to expand their army of zombie machines. these serious exploits usually deploy the "kaiten" (aka "tsunami") bot or variations of the "perlb0t" making it part of a ddos business scheme. to see the full version of this article, click "download" below.”
T1498 Network Denial of Service
39%
“a fresh opportunity to expand their army of zombie machines. these serious exploits usually deploy the "kaiten" (aka "tsunami") bot or variations of the "perlb0t" making it part of a ddos business scheme. to see the full version of this article, click "download" below.”
T1498.001 Direct Network Flood
36%
“a fresh opportunity to expand their army of zombie machines. these serious exploits usually deploy the "kaiten" (aka "tsunami") bot or variations of the "perlb0t" making it part of a ddos business scheme. to see the full version of this article, click "download" below.”

Summary

Shellshock can take advantage of HTTP headers as well as other mechanisms to enable unauthorized access to Bash.