Data source: routine network security incident operations.