Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
Common Information
Type Value
UUID 2d3d7e8c-f5e7-4bc2-ad4b-436f76fa8978
Fingerprint b5913c5b6998febb
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 23, 2023, midnight
Added to db June 1, 2023, 10:45 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Detected Hints/Tags/Attributes 86/1/107
Attributes
Details Type #Events CTI Value
Details CVE 76
cve-2022-47966