Injecting Java in-memory payloads for post-exploitation
Common Information
Type Value
UUID 3137e207-1500-4869-9a05-771586d4b2de
Fingerprint bed959513c23578d
Analysis status DONE
Considered CTI value 2
Text language
Published July 23, 2024, midnight
Added to db Aug. 31, 2024, 10:48 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Injecting Java in-memory payloads for post-exploitation
Title Injecting Java in-memory payloads for post-exploitation
Detected Hints/Tags/Attributes 81/1/101
RSS Feed
Id Enabled Feed title Url Added to db
414 Last Blog Article https://www.synacktiv.com/en/feed/lastblog.xml 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 12 cve-2022-36804
CVE 11 cve-2017-1000353
CVE 13 cve-2018-1000861
CVE 1 cve-2019-1003005
CVE 5 cve-2019-1003029
CVE 34 cve-2023-22527
CVE 122 cve-2022-26134