Bashed and Shellshocked: Early Reports of Exploitation in the Wild

Bashed and Shellshocked: Early Reports of Exploitation in the Wild

September 25, 2014 • Matt Kodama

Lots of IT security teams are at work right now to patch the Shellshock vulnerability (CVE-2014-6271) ASAP – while keeping an eye on their threat intelligence sources for exploitation in the wild. And the reports are coming in…

One of the first reports via GitHub identified the IP 162.253.66.76 as the source of suspicious activity. We took a quick look in our OSINT archive, using Maltego, to make an initial assessment. Pentester scanning? Malicious? Looks like the latter.

Shellshock Assessment Using Maltego

Click image for larger view

Looked at on a Recorded Future timeline, the reporting involving suspicious activity and blocking of this IP address date back to early September.

Shellshock-Associated IP Address Timeline

Click image for larger view

Here’s the view a few hours later, when many other authors on the web were linking this IP address to Shellshock.

Shellshock Assessment Using Maltego

Click image for larger view

Time to patch!

New call-to-action

Related Posts

Announcing Security Intelligence for Splunk — For Free

Announcing Security Intelligence for Splunk — For Free

February 23, 2021 • Ellen Wilson

Today, we’re thrilled to announce the launch of a free 30-day trial of our integration for Splunk...

Security Intelligence Handbook Chapter 9: Manage Third-Party Risk in Real Time

Security Intelligence Handbook Chapter 9: Manage Third-Party Risk in Real Time

February 16, 2021 • The Recorded Future Team

Editor’s Note: We’re sharing excerpts from the third edition of our popular book, “The...

The Symbiotic Relationship Between Brand Intelligence and Brand Trust

The Symbiotic Relationship Between Brand Intelligence and Brand Trust

February 11, 2021 • Neha Mehra

A brand is a company's most important asset, and if done right, the ultimate competitive advantage...