2021-01-25 07:16:27 +00:00
|
|
|
title: TerraMaster TOS CVE-2020-28188
|
|
|
|
|
id: 15c312b9-00d0-4feb-8870-7d940a4bdc5e
|
|
|
|
|
status: experimental
|
|
|
|
|
description: Detects the exploitation of the TerraMaster TOS vulnerability described in CVE-2020-28188
|
|
|
|
|
author: Bhabesh Raj
|
|
|
|
|
date: 2021/01/25
|
|
|
|
|
references:
|
|
|
|
|
- https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
|
|
|
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-28188
|
|
|
|
|
- https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
|
2021-08-24 08:10:45 +00:00
|
|
|
- https://nvd.nist.gov/vuln/detail/cve-2020-28188
|
2021-01-25 07:16:27 +00:00
|
|
|
logsource:
|
|
|
|
|
category: webserver
|
|
|
|
|
detection:
|
|
|
|
|
base_url:
|
|
|
|
|
cs-method: 'GET'
|
|
|
|
|
c-uri|contains|all:
|
|
|
|
|
- '/include/makecvs.php'
|
|
|
|
|
- '?Event='
|
|
|
|
|
payload:
|
|
|
|
|
c-uri|contains:
|
|
|
|
|
- 'curl'
|
|
|
|
|
- 'wget'
|
|
|
|
|
- '.py'
|
|
|
|
|
- '.sh'
|
|
|
|
|
- 'chmod'
|
|
|
|
|
- '_GET'
|
|
|
|
|
condition: base_url and payload
|
|
|
|
|
fields:
|
|
|
|
|
- c-ip
|
|
|
|
|
- c-dns
|
|
|
|
|
falsepositives:
|
|
|
|
|
- Unknown
|
|
|
|
|
level: critical
|
|
|
|
|
tags:
|
|
|
|
|
- attack.t1190
|
|
|
|
|
- attack.initial_access
|
